From: Mike Yuan <me@yhndnzj.com>
Date: Tue, 27 May 2025 20:35:03 +0000 (+0200)
Subject: core/exec-invoke: don't set $TMPDIR if sandboxing is disabled
X-Git-Tag: v258-rc1~469^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8b0a0298b777d70682f8d7e5816f3fcdf47fd6c4;p=thirdparty%2Fsystemd.git

core/exec-invoke: don't set $TMPDIR if sandboxing is disabled

Follow-up for 6156bec7a464815084fa5218fe782ea6cb20ad52
---

diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
index b27358d8dc9..9e946c6cbbd 100644
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@@ -2193,7 +2193,7 @@ static int build_environment(
         }
 
         assert(c->private_var_tmp >= 0 && c->private_var_tmp < _PRIVATE_TMP_MAX);
-        if (c->private_tmp != c->private_var_tmp) {
+        if (needs_sandboxing && c->private_tmp != c->private_var_tmp) {
                 assert(c->private_tmp == PRIVATE_TMP_DISCONNECTED);
                 assert(c->private_var_tmp == PRIVATE_TMP_NO);