Yup, verified those options are *not* set in 7.2. For a quick test I simply removed them from /usr/lib/systemd/system/NetworkManager.service, did a systemctl daemon-reload, restarted NetworkManager, logged back in as root, and was able to whack /home (7.3).
On Tue, Dec 20, 2016 at 11:07 AM, Matthew Miller mattdm@mattdm.org wrote:
> On Fri, Dec 16, 2016 at 02:29:28PM -0500, Jonathan Billings wrote:
> > The culprit? NetworkManager has /home open. I can't figure out *WHY*.
> NetworkManager.service has 'ProtectHome=read-only', which keeps NM from writing there. I presume namespacing /home in this way counts against unmounting it. This is a good security protection for everyone running NM, so I can see it being worth the tradeoff vs. being able to move or remove /home on a live system.
> (It also has ProtectSystem=true, which mounts /usr and /boot read-only as well.)
> If you wanted to change this, drop ProtectHome=false into /etc/systemd/system/NetworkManager.service.d/override.conf (possibly by using sudo systemctl edit foo NetworkManager).
> -- Matthew Miller mattdm@fedoraproject.org Fedora Project Leader
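One way to see which services hold /home inside a private mount namespace, the situation the thread attributes to ProtectHome=read-only. This is an added example, not code from the thread or from systemd or NetworkManager; the function names and the two sample mountinfo lines are constructed for illustration.

```python
import os

# Constructed sample /proc/<pid>/mountinfo lines (not captured from a real host).
HOST_INFO = "60 40 253:2 / /home rw,relatime shared:30 - xfs /dev/mapper/vg-home rw,attr2\n"
NM_INFO = "212 180 253:2 / /home ro,relatime master:30 - xfs /dev/mapper/vg-home rw,attr2\n"

def mounts_at(mountinfo, path="/home"):
    """Return (mount_point, read_only, source) for mounts at or below `path`."""
    hits = []
    for line in mountinfo.splitlines():
        f = line.split()
        if "-" not in f[6:-3]:
            continue                      # malformed: no separator before fstype
        sep = f.index("-", 6)             # optional fields end at the lone "-"
        if f[4] == path or f[4].startswith(path + "/"):
            hits.append((f[4], "ro" in f[5].split(","), f[sep + 2]))
    return hits

def namespace_holders(procs, init_ns, path="/home"):
    """procs maps pid -> (comm, mnt_ns, mountinfo_text). Return the processes
    outside PID 1's mount namespace that still have `path` mounted."""
    out = []
    for pid, (comm, ns, info) in sorted(procs.items()):
        hits = mounts_at(info, path)
        if ns != init_ns and hits:
            out.append((pid, comm, any(ro for _, ro, _ in hits)))
    return out

def read_live_procs():
    """Collect comm, mount namespace and mountinfo for every PID in /proc."""
    procs = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            ns = os.readlink(f"/proc/{pid}/ns/mnt")
            with open(f"/proc/{pid}/comm") as c, open(f"/proc/{pid}/mountinfo") as m:
                procs[int(pid)] = (c.read().strip(), ns, m.read())
        except OSError:
            continue                      # process exited or access denied
    return procs

if __name__ == "__main__":
    live = read_live_procs()
    if 1 not in live:
        raise SystemExit("cannot read PID 1's mount namespace; run as root")
    for pid, comm, ro in namespace_holders(live, live[1][1]):
        mode = "read-only" if ro else "read-write"
        print(f"{pid}\t{comm}\t/home mounted {mode} in a private namespace")
```

A unit started with ProtectHome=read-only shows up here with /home marked read-only, while processes sharing PID 1's namespace are not listed.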