<listitem><para>Takes a boolean argument or
<literal>read-only</literal>. If true, the directories
- <filename>/home</filename> and <filename>/run/user</filename>
+ <filename>/home</filename>, <filename>/root</filename> and
+ <filename>/run/user</filename>
are made inaccessible and empty for processes invoked by this
- unit. If set to <literal>read-only</literal>, the two
+ unit. If set to <literal>read-only</literal>, the three
directories are made read-only instead. It is recommended to
enable this setting for all long-running services (in
particular network-facing ones), to ensure they cannot get