From: Mike Yuan <me@yhndnzj.com>
Date: Tue, 18 Jun 2024 13:56:45 +0000 (+0200)
Subject: core/exec-invoke: respect needs_sandboxing for PrivateTmp
X-Git-Tag: v257-rc1~1077^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=335b14ade5d5cb310353337fdf2b809bdcafe7e1;p=thirdparty%2Fsystemd.git

core/exec-invoke: respect needs_sandboxing for PrivateTmp

Follow-up for 0e551b04efb911d38b586cca1a6a462c87a2cb1b
---

diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
index 8b88ccb1e98..45f1539f758 100644
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@@ -3205,8 +3205,6 @@ static int apply_mount_namespace(
                 .temporary_filesystems = context->temporary_filesystems,
                 .n_temporary_filesystems = context->n_temporary_filesystems,
 
-                .private_tmp = context->private_tmp,
-
                 .mount_images = context->mount_images,
                 .n_mount_images = context->n_mount_images,
                 .mount_image_policy = context->mount_image_policy ?: &image_policy_service,
@@ -3245,6 +3243,7 @@ static int apply_mount_namespace(
                 .private_dev = needs_sandboxing && context->private_devices,
                 .private_network = needs_sandboxing && exec_needs_network_namespace(context),
                 .private_ipc = needs_sandboxing && exec_needs_ipc_namespace(context),
+                .private_tmp = needs_sandboxing ? context->private_tmp : false,
 
                 .mount_apivfs = needs_sandboxing && exec_context_get_effective_mount_apivfs(context),