From: Luca Boccassi
Date: Mon, 16 Mar 2026 18:45:58 +0000 (+0000)
Subject: man: document that with RuntimeDirectoryPreserve= dirs are under /run/private/
X-Git-Tag: v260~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c751714d8ce357b593e2be15fa3d0bd4e83df961;p=thirdparty%2Fsystemd.git

man: document that with RuntimeDirectoryPreserve= dirs are under /run/private/

This is not immediately obvious so document it explicitly.

Follow-up for 40cd2ecc26b776ef085fd0fd29e8e96f6422a0d3
---
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 093cd2780b6..48bec7361bd 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -1773,6 +1773,15 @@ StateDirectory=aaa/bbb ccc tmpfs, then for system services the directories specified in RuntimeDirectory= are removed when the system is rebooted. + If DynamicUser= is used together with + RuntimeDirectoryPreserve= set to values other than , the logic + is slightly altered: the RuntimeDirectory= directories are created below + /run/private/, which is a host directory made inaccessible to unprivileged + users, which ensures that access to these directories cannot be gained through dynamic user ID + recycling. Symbolic links are created to hide this difference in behaviour. Both from the + perspective of the host and from inside the unit, the relevant directories hence always appear + directly below /run/. +
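Review bot: The sentence "Symbolic links are created to hide this difference in behaviour" in the added paragraph does not say which path is the link and which is the real directory. Anyone auditing permissions, writing path-based access rules or cleaning up after a unit needs to know that, so I would state it outright, for example that the entry directly below /run/ is a symbolic link pointing to the directory below /run/private/. The closing sentence, that the directories "always appear directly below /run/", could then note that the inaccessibility of /run/private/ to unprivileged users is what provides the protection against dynamic user ID recycling, and that the link only provides the familiar path. As a style point, the sentence beginning "the RuntimeDirectory= directories are created below" chains two "which" clauses; splitting it after "unprivileged users" and starting a new sentence with "This ensures that access to these directories cannot be gained" would read more clearly.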