namespace: don't consider raw image read-only if /home in it is writable

2018-04-04 10:14:25 +02:00 · 2018-04-04 10:14:25 +02:00 · c9ef8573be
parent f10f4215b5
commit c9ef8573be
1 changed files with 3 additions and 1 deletions
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@ -1105,7 +1105,9 @@ int setup_namespace(
        if (root_image) {
                dissect_image_flags |= DISSECT_IMAGE_REQUIRE_ROOT;

-                if (protect_system == PROTECT_SYSTEM_STRICT && strv_isempty(read_write_paths))
+                if (protect_system == PROTECT_SYSTEM_STRICT &&
+                    protect_home != PROTECT_HOME_NO &&
+                    strv_isempty(read_write_paths))
                        dissect_image_flags |= DISSECT_IMAGE_READ_ONLY;

                r = loop_device_make_by_path(root_image,