- if (options || arg_mount_options) {
- log_debug("Using mount options: %s", options ?: arg_mount_options);
+ /* Override the default for tmpfs mounts. The kernel sets the sticky bit on the root directory by
+ * default. This makes sense for the case when the user does 'mount -t tmpfs tmpfs /tmp', but less so
+ * for other directories.
+ *
+ * Let's also set some reasonable limits. We use the current umask, to match what a command to create
+ * directory would use, e.g. mkdir. */
+ if (arg_tmpfs) {
+ mode_t mask;
+
+ r = get_process_umask(0, &mask);
+ if (r < 0)
+ return r;
+
+ assert((mask & ~0777) == 0);
+ r = strextendf_with_separator(&options, ",",
+ "mode=0%o,nodev,nosuid%s", 0777 & ~mask, NESTED_TMPFS_LIMITS);
+ if (r < 0)
+ return r;
+ }
+
+ if (arg_mount_options)
+ if (!strextend_with_separator(&options, ",", arg_mount_options))
+ return -ENOMEM;