Lennart wanted to do this back in
https://github.com/systemd/systemd/commit/
01c33c1effaa2406ff7d2a7de08a3ee87aec9fc8.
For better or worse, this wasn't done because I thought that turning on MountAPIVFS
is a compat break for RootDirectory and people might be negatively surprised by it.
Without this, search for binaries doesn't work (access_fd() requires /proc).
Let's turn it on, but still allow overriding to "no".
When RootDirectory=/, MountAPIVFS=1 doesn't work. This might be a buglet on its
own, but this patch doesn't change the situation.
bool exec_context_get_effective_mount_apivfs(const ExecContext *c) {
assert(c);
+ /* Explicit setting wins */
if (c->mount_apivfs_set)
return c->mount_apivfs;
+ /* Default to "yes" if root directory or image are specified */
+ if (c->root_image || !empty_or_root(c->root_directory))
+ return true;
+
return false;
}