namespace: don't consider raw image read-only if /home in it is writable
This commit is contained in:
parent
f10f4215b5
commit
c9ef8573be
|
@ -1105,7 +1105,9 @@ int setup_namespace(
|
|||
if (root_image) {
|
||||
dissect_image_flags |= DISSECT_IMAGE_REQUIRE_ROOT;
|
||||
|
||||
if (protect_system == PROTECT_SYSTEM_STRICT && strv_isempty(read_write_paths))
|
||||
if (protect_system == PROTECT_SYSTEM_STRICT &&
|
||||
protect_home != PROTECT_HOME_NO &&
|
||||
strv_isempty(read_write_paths))
|
||||
dissect_image_flags |= DISSECT_IMAGE_READ_ONLY;
|
||||
|
||||
r = loop_device_make_by_path(root_image,
|
||||
|
|
Loading…
Reference in New Issue