[systemd-devel] Odd behavior with ProtectSystem, ProtectHome, and ReadWritePaths=/root in combination

Michal Koutný mkoutny at suse.com
Mon Jun 30 11:57:31 UTC 2025


Hello.

On Sat, Jun 21, 2025 at 02:20:10AM +0000, Daniel Hast <hast.daniel at protonmail.com> wrote:
> run0 --property=ProtectSystem=strict --property=ProtectHome=read-only --property=ReadWritePaths="$DIRECTORY" bash -c "findmnt -nru -o OPTIONS --target=$DIRECTORY"
> 
> If $DIRECTORY is a non-root user's home directory, the above command
> shows that the directory is mounted read-write in the transient
> service unit ("rw" is among the options printed by findmnt). However,
> if $DIRECTORY is /root (the root user's home directory), /root gets
> mounted read-only, as if the ReadWritePaths directive was ignored.

I can see the same with openSUSE's systemd-257.6.

> Does anyone know what's going on here?

ProtectHome takes precedence over ReadWritePaths? (only guessing)

> Is this a bug or just some complex interaction of these properties
> that I'm not understanding properly?

What would be your expectation for such a command line?

Thanks,
Michal