From 8b0a0298b777d70682f8d7e5816f3fcdf47fd6c4 Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Tue, 27 May 2025 22:35:03 +0200
Subject: [PATCH] core/exec-invoke: don't set $TMPDIR if sandboxing is disabled

Follow-up for 6156bec7a464815084fa5218fe782ea6cb20ad52
---
 src/core/exec-invoke.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
index b27358d8dc9..9e946c6cbbd 100644
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@@ -2193,7 +2193,7 @@ static int build_environment(
         }
 
         assert(c->private_var_tmp >= 0 && c->private_var_tmp < _PRIVATE_TMP_MAX);
-        if (c->private_tmp != c->private_var_tmp) {
+        if (needs_sandboxing && c->private_tmp != c->private_var_tmp) {
                 assert(c->private_tmp == PRIVATE_TMP_DISCONNECTED);
                 assert(c->private_var_tmp == PRIVATE_TMP_NO);
 
-- 
2.47.3