As to how that /home was mounted rw. I think it's not a bug in either systemd or kernel. Again, it's how it is documented to work: https://www.kernel.org/doc/html/latest/filesystems/sharedsubtree.html
To get what you intended to work, you'd have to either mount the block device that is responsible for /home read-only, at the file-system level _or_ adjust the propagated /home bind-mount that showed up under /var/lib/snapd/hostfs to be a read-only bind mount. Some of those operations are not atomic.
TL;DR: it's complicated and side effects can bite
I'll look at the snapd purge scripts to see if we can add a safety check when removing that specific directory.
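An added example, not part of the comment above and not snapd's own code: one way a removal script could check for mounts at or below a directory before deleting it, by reading the mountinfo table. The function names and the sample table are constructed for illustration; the sample shows a read-only bind mount whose propagated /home submount is still rw.

```shell
#!/bin/sh
# Hypothetical helpers (not snapd code). Mount points containing spaces appear
# in mountinfo with octal escapes such as \040 and are compared in that form.

# sample_mountinfo: constructed /proc/self/mountinfo excerpt for the demo.
sample_mountinfo() {
    cat <<'EOF'
25 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
60 25 8:3 / /home rw,relatime shared:30 - ext4 /dev/sda3 rw
310 25 8:2 / /var/lib/snapd/hostfs ro,relatime master:1 - ext4 /dev/sda2 rw
311 310 8:3 / /var/lib/snapd/hostfs/home rw,relatime master:30 - ext4 /dev/sda3 rw
EOF
}

# mounts_under DIR [MOUNTINFO]
# Print "<mount point> <ro|rw> <propagation>" for each mount at or below DIR.
mounts_under() {
    dir=${1%/}
    info=${2:-/proc/self/mountinfo}
    awk -v dir="$dir" '
    {
        mp = $5                                   # field 5: mount point
        if (mp != dir && index(mp, dir "/") != 1) next
        n = split($6, opts, ",")                  # field 6: per-mount options
        mode = "rw"
        for (i = 1; i <= n; i++) if (opts[i] == "ro") mode = "ro"
        prop = "private"                          # optional fields end at "-"
        for (i = 7; i <= NF && $i != "-"; i++) {
            if ($i ~ /^shared:/) prop = "shared"
            else if ($i ~ /^master:/ && prop == "private") prop = "slave"
        }
        print mp, mode, prop
    }' "$info"
}

# safe_to_remove DIR [MOUNTINFO]
# Succeed only when nothing is mounted at or below DIR, so a recursive
# delete cannot descend into another file system.
safe_to_remove() {
    [ -z "$(mounts_under "$1" "${2:-/proc/self/mountinfo}")" ]
}
```

A removal script would call `safe_to_remove /var/lib/snapd/hostfs` and skip the delete, or unmount first, when it fails.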