namespace: also include /root in ProtectHome=

author Lennart Poettering <lennart@poettering.net>

Thu, 5 Jun 2014 19:37:40 +0000 (21:37 +0200)

committer Lennart Poettering <lennart@poettering.net>

Thu, 5 Jun 2014 19:55:06 +0000 (21:55 +0200)
author Lennart Poettering <lennart@poettering.net>
Thu, 5 Jun 2014 19:37:40 +0000 (21:37 +0200)
committer Lennart Poettering <lennart@poettering.net>
Thu, 5 Jun 2014 19:55:06 +0000 (21:55 +0200)
diff --git a/src/core/namespace.c b/src/core/namespace.c

index fcbfd87d4768b1c460d4f246988292acfd80bcfc..43b9045800cb175a9b5dce74f52c0e10b89bad33 100644 (file)
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -362,7 +362,7 @@ int setup_namespace(
                  strv_length(read_only_dirs) +
                  strv_length(inaccessible_dirs) +
                  private_dev +
-                (protect_home != PROTECT_HOME_NO ? 2 : 0) +
+                (protect_home != PROTECT_HOME_NO ? 3 : 0) +
                  (protect_system != PROTECT_SYSTEM_NO ? 1 : 0) +
                  (protect_system == PROTECT_SYSTEM_FULL ? 1 : 0);
  
@@ -399,7 +399,7 @@ int setup_namespace(
                  }
  
                  if (protect_home != PROTECT_HOME_NO) {
-                        r = append_mounts(&m, STRV_MAKE("-/home", "-/run/user"), protect_home == PROTECT_HOME_READ_ONLY ? READONLY : INACCESSIBLE);
+                        r = append_mounts(&m, STRV_MAKE("-/home", "-/run/user", "-/root"), protect_home == PROTECT_HOME_READ_ONLY ? READONLY : INACCESSIBLE);
                          if (r < 0)
                                  return r;
                  }
author	Lennart Poettering <lennart@poettering.net>
	Thu, 5 Jun 2014 19:37:40 +0000 (21:37 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Thu, 5 Jun 2014 19:55:06 +0000 (21:55 +0200)