From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 5 Jun 2014 19:37:40 +0000 (+0200)
Subject: namespace: also include /root in ProtectHome=
X-Git-Tag: v214~59
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=c8835999c33c0443bf91e1a8fa6dd716a8ff0b0f;p=elogind.git

namespace: also include /root in ProtectHome=

/root can't really be autofs, and is also a home, directory, so cover it
with ProtectHome=.
---

diff --git a/src/core/namespace.c b/src/core/namespace.c
index fcbfd87d4..43b904580 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -362,7 +362,7 @@ int setup_namespace(
                 strv_length(read_only_dirs) +
                 strv_length(inaccessible_dirs) +
                 private_dev +
-                (protect_home != PROTECT_HOME_NO ? 2 : 0) +
+                (protect_home != PROTECT_HOME_NO ? 3 : 0) +
                 (protect_system != PROTECT_SYSTEM_NO ? 1 : 0) +
                 (protect_system == PROTECT_SYSTEM_FULL ? 1 : 0);
 
@@ -399,7 +399,7 @@ int setup_namespace(
                 }
 
                 if (protect_home != PROTECT_HOME_NO) {
-                        r = append_mounts(&m, STRV_MAKE("-/home", "-/run/user"), protect_home == PROTECT_HOME_READ_ONLY ? READONLY : INACCESSIBLE);
+                        r = append_mounts(&m, STRV_MAKE("-/home", "-/run/user", "-/root"), protect_home == PROTECT_HOME_READ_ONLY ? READONLY : INACCESSIBLE);
                         if (r < 0)
                                 return r;
                 }