Comment 13 for bug 1989019

Zygmunt Krynicki (zyga) wrote :

I think what you are experiencing is:

/ is mounted
/ is altered with shared mount event propagation (systemd default)
/ is bind-mounted to /var/lib/snapd/hostfs
/home is mounted

Because systemd uses shared mount propagation by default, the /home mount propagates to /var/lib/snapd/hostfs.

Making a read-only bind mount does not affect, in any way, bind mounts that are made there. Propagation acts just like a bind mount.

I did a quick test: I've added this to my fstab:

none /home/tmp tmpfs defaults 0 0
/ /potato none defaults,ro,bind 0 0

Looking at mountinfo I see:

zyga@lambert:~$ cat /proc/self/mountinfo | grep home
95 30 0:37 / /home/tmp rw,relatime shared:46 - tmpfs none rw,inode64
96 92 0:37 / /potato/home/tmp rw,relatime shared:46 - tmpfs none rw,inode64

You can see that the /potato (alias for hostfs) bind-mount has access to a writable copy of the tmpfs at /home/tmp.
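One way to check for this condition from mountinfo, as an added example that is not part of the original comment or of snapd: it parses mountinfo text and reports read-write mounts found below a read-only mount, together with their shared peers outside it. The function names are hypothetical, and the sample lines for mounts 30 and 92 are constructed; only lines 95 and 96 come from the comment.

```python
import re

# Lines 95 and 96 are quoted from the comment above. Lines 30 and 92 are
# constructed stand-ins for / and the read-only bind mount at /potato.
SAMPLE = """\
30 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
92 30 8:2 / /potato ro,relatime shared:1 - ext4 /dev/sda2 rw
95 30 0:37 / /home/tmp rw,relatime shared:46 - tmpfs none rw,inode64
96 92 0:37 / /potato/home/tmp rw,relatime shared:46 - tmpfs none rw,inode64
"""

def parse_mountinfo(text):
    """Parse /proc/<pid>/mountinfo text into a list of dicts."""
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Optional fields (shared:N, master:N, ...) end at the lone "-".
        left, right = line.split(" - ", 1)
        f = left.split()
        # Mount points escape special characters in octal, e.g. \040 for space.
        point = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), f[4])
        peers = [t.split(":")[1] for t in f[6:] if t.startswith("shared:")]
        mounts.append({"id": int(f[0]), "parent": int(f[1]), "point": point,
                       "opts": f[5].split(","), "fstype": right.split()[0],
                       "peer": peers[0] if peers else None})
    return mounts

def writable_under_ro(mounts, ro_point):
    """List (mount point, shared peers outside ro_point) for rw mounts below a ro mount."""
    prefix = ro_point.rstrip("/") + "/"
    top = next((m for m in mounts if m["point"] == ro_point), None)
    if top is None or "ro" not in top["opts"]:
        return []
    found = []
    for m in mounts:
        if m["point"].startswith(prefix) and "rw" in m["opts"]:
            # Same peer group id means the mount arrived via shared propagation.
            peers = [o["point"] for o in mounts
                     if o["peer"] is not None and o["peer"] == m["peer"]
                     and not o["point"].startswith(prefix)]
            found.append((m["point"], peers))
    return found

if __name__ == "__main__":
    for point, peers in writable_under_ro(parse_mountinfo(SAMPLE), "/potato"):
        print(f"{point} is writable below a read-only mount; peers: {peers}")
```

On a live system, pass the contents of /proc/self/mountinfo instead of SAMPLE and the path of the read-only bind mount as the second argument.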