execute: don't create /tmp and /var/tmp if both are inaccessible

If both /tmp and either /var/tmp or whole /var are inaccessible, there's no
need to create the temporary directories.

diff --git a/src/core/execute.c b/src/core/execute.c
index 587b77a3f47c39af1c54733dd78a083a31f2f0c5..00a2f2e17e477d0610e680946c81d11f8346ddb9 100644 (file)
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -5371,7 +5371,10 @@ static int exec_runtime_make(Manager *m, const ExecContext *c, const char *id, E
         if (!c->private_network && !c->private_tmp && !c->network_namespace_path)
                 return 0;
 
-        if (c->private_tmp) {
+        if (c->private_tmp &&
+            !(prefixed_path_strv_contains(c->inaccessible_paths, "/tmp") &&
+              (prefixed_path_strv_contains(c->inaccessible_paths, "/var/tmp") ||
+               prefixed_path_strv_contains(c->inaccessible_paths, "/var")))) {
                 r = setup_tmp_dirs(id, &tmp_dir, &var_tmp_dir);
                 if (r < 0)
                         return r;