From c8835999c33c0443bf91e1a8fa6dd716a8ff0b0f Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 5 Jun 2014 21:37:40 +0200
Subject: [PATCH] namespace: also include /root in ProtectHome=

/root can't really be autofs, and is also a home, directory, so cover it
with ProtectHome=.
---
 src/core/namespace.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/core/namespace.c b/src/core/namespace.c
index fcbfd87d4..43b904580 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -362,7 +362,7 @@ int setup_namespace(
                 strv_length(read_only_dirs) +
                 strv_length(inaccessible_dirs) +
                 private_dev +
-                (protect_home != PROTECT_HOME_NO ? 2 : 0) +
+                (protect_home != PROTECT_HOME_NO ? 3 : 0) +
                 (protect_system != PROTECT_SYSTEM_NO ? 1 : 0) +
                 (protect_system == PROTECT_SYSTEM_FULL ? 1 : 0);
 
@@ -399,7 +399,7 @@ int setup_namespace(
                 }
 
                 if (protect_home != PROTECT_HOME_NO) {
-                        r = append_mounts(&m, STRV_MAKE("-/home", "-/run/user"), protect_home == PROTECT_HOME_READ_ONLY ? READONLY : INACCESSIBLE);
+                        r = append_mounts(&m, STRV_MAKE("-/home", "-/run/user", "-/root"), protect_home == PROTECT_HOME_READ_ONLY ? READONLY : INACCESSIBLE);
                         if (r < 0)
                                 return r;
                 }
-- 
2.30.2