Comment 19 for bug 1989019

Zygmunt Krynicki (zyga) wrote :

As to how that /home was mounted rw, I think it's not a bug in either systemd or the kernel. Again, it's how it is documented to work: https://www.kernel.org/doc/html/latest/filesystems/sharedsubtree.html

To get what you intended to work, you'd have to either mount the block device that is responsible for /home read-only, at the file-system level _or_ adjust the propagated /home bind-mount that showed up under /var/lib/snapd/hostfs to be a read-only bind mount. Some of those operations are not atomic.

TL;DR: it's complicated and side effects can bite

I'll look at the snapd purge scripts to see if we can add a safety check when removing that specific directory.
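
A safety check of the kind mentioned above could look like this (an added example, not snapd's purge script and not part of the original comment): it reads mountinfo text on stdin and refuses removal while anything is still mounted at or below the directory. The function names and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# mountinfo fields: id parent maj:min root mountpoint mount-options [optional...] - fstype source super-options
# Field 6 holds the per-mount options, so a read-only bind mount shows "ro" there
# even when the underlying file system (super-options) is still "rw".
# Mount points containing spaces are octal-escaped (\040) in mountinfo; not decoded here.

# Constructed sample: /home propagated under /var/lib/snapd/hostfs as a writable mount.
sample_mountinfo() {
cat <<'EOF'
25 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
90 25 8:3 / /home rw,relatime shared:40 - ext4 /dev/sda3 rw
311 25 8:3 / /var/lib/snapd/hostfs/home rw,relatime master:40 - ext4 /dev/sda3 rw
312 25 0:45 / /var/lib/snapd/void ro,relatime - tmpfs tmpfs rw
313 25 0:46 / /var/lib/snapd/hostfsx rw,relatime - tmpfs tmpfs rw
EOF
}

# mounts_under DIR < mountinfo
# Prints "<ro|rw> <mountpoint>" for every mount at or below DIR.
mounts_under() {
    dir=${1%/}
    while read -r _id _parent _dev _root mnt opts _rest; do
        case "$mnt" in
            "$dir"|"$dir"/*) ;;      # exact match or a real sub-path, not a name prefix
            *) continue ;;
        esac
        case ",$opts," in
            *,ro,*) echo "ro $mnt" ;;
            *)      echo "rw $mnt" ;;
        esac
    done
}

# safe_to_remove DIR < mountinfo
# Succeeds only when nothing is mounted at or below DIR.
safe_to_remove() {
    found=$(mounts_under "$1")
    [ -z "$found" ]
}

# Demo on the constructed sample; on a live system read /proc/self/mountinfo instead.
sample_mountinfo | mounts_under /var/lib/snapd/hostfs   # prints: rw /var/lib/snapd/hostfs/home
```

Because the check and a later recursive removal are separate steps, a mount can still appear between them, so this narrows the window rather than closing it.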