Hello, I've stumbled on some odd, seemingly inconsistent behavior when the systemd properties ProtectSystem=strict, ProtectHome=read-only, and ReadWritePaths are used in combination.
Consider the following command:

    run0 --property=ProtectSystem=strict --property=ProtectHome=read-only --property=ReadWritePaths="$DIRECTORY" bash -c "findmnt -nru -o OPTIONS --target=$DIRECTORY"

If $DIRECTORY is a non-root user's home directory, the above command shows that the directory is mounted read-write in the transient service unit ("rw" is among the options printed by findmnt). However, if $DIRECTORY is /root (the root user's home directory), /root gets mounted read-only, as if the ReadWritePaths directive were ignored.

I've confirmed this behavior in up-to-date Arch and Kubuntu 25.04 VMs. Strangely, on a Fedora atomic desktop, this behavior does not occur with /var/roothome, the root user's home directory. All three systems are running systemd 257.

Does anyone know what's going on here? Is this a bug or just some complex interaction of these properties that I'm not understanding properly?

Thanks,
Daniel Hast
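The probe from the post, generalised to several directories as an added example (this is not Daniel's script nor anything from systemd): the same run0/findmnt invocation is wrapped in shell functions, the OPTIONS column is parsed to decide rw versus ro, and every directory that ends up read-only despite ReadWritePaths= is flagged, which is the symptom described above. It assumes run0 (systemd 256 or newer) and findmnt are present on the host when a real probe is run; the function names mount_is_rw, sandbox_mount_options, probe_dir and check_readwrite_paths are assumptions of this example. The parsing helper needs neither tool, so it can be exercised anywhere.

```shell
#!/bin/sh
# Added example, not part of the original post or of systemd.
# Probe whether a directory is mounted read-write inside a transient sandbox
# that combines ProtectSystem=strict, ProtectHome=read-only and ReadWritePaths=.

# Return 0 if a findmnt OPTIONS string (e.g. "rw,relatime") marks the mount
# read-write, 1 if it is read-only. Only the dedicated rw/ro option decides,
# so an option such as "norecovery" is never mistaken for "ro".
mount_is_rw() {
    mir_opts=$1
    while [ -n "$mir_opts" ]; do
        case "$mir_opts" in
            *,*) mir_opt=${mir_opts%%,*}; mir_opts=${mir_opts#*,} ;;
            *)   mir_opt=$mir_opts;       mir_opts= ;;
        esac
        case "$mir_opt" in
            rw) return 0 ;;
            ro) return 1 ;;
        esac
    done
    return 1   # no explicit flag seen: treat as read-only (conservative)
}

# The run0 invocation from the post for one directory. The directory is handed
# to the inner bash as a positional argument instead of being interpolated into
# the -c string, so paths containing spaces or shell metacharacters stay intact.
sandbox_mount_options() {
    run0 --property=ProtectSystem=strict \
         --property=ProtectHome=read-only \
         --property="ReadWritePaths=$1" \
         bash -c 'findmnt -nru -o OPTIONS --target="$1"' findmnt-probe "$1"
}

# Print "rw" or "ro" for a directory, or "skip" when the probe cannot run
# (run0/findmnt missing, or run0 failing, e.g. without a running systemd).
# Returns 0 for rw, 1 for ro, 2 for skip.
probe_dir() {
    command -v run0 >/dev/null 2>&1 && command -v findmnt >/dev/null 2>&1 \
        || { echo skip; return 2; }
    pd_opts=$(sandbox_mount_options "$1") || { echo skip; return 2; }
    if mount_is_rw "$pd_opts"; then echo rw; return 0; fi
    echo ro
    return 1
}

# Probe every directory given and print one line per directory. Returns
# non-zero if any directory was read-only inside the sandbox, i.e. if
# ReadWritePaths= did not take effect for it.
check_readwrite_paths() {
    crp_rc=0
    for crp_dir in "$@"; do
        crp_state=$(probe_dir "$crp_dir")
        printf '%-24s %s\n' "$crp_dir" "$crp_state"
        [ "$crp_state" = ro ] && crp_rc=1
    done
    return $crp_rc
}

# Usage: sh probe.sh /root /home/someuser
# With no arguments nothing is probed, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    check_readwrite_paths "$@"
fi
```

Running it as `sh probe.sh /root "$HOME"` on the affected systems should print `ro` for /root and `rw` for the unprivileged home, while the Fedora system should print `rw` for /var/roothome; the non-zero exit status makes the check usable from a sandbox regression script.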