From: Topi Miettinen <toiwoton@gmail.com>
Date: Tue, 10 Mar 2020 13:36:51 +0000 (+0200)
Subject: execute: don't create /tmp and /var/tmp if both are inaccessible
X-Git-Tag: v246-rc1~765^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=efa2f3a18b07cadaf5035b22deff197025f814f7;p=thirdparty%2Fsystemd.git

execute: don't create /tmp and /var/tmp if both are inaccessible

If both /tmp and either /var/tmp or whole /var are inaccessible, there's no
need to create the temporary directories.
---

diff --git a/src/core/execute.c b/src/core/execute.c
index 587b77a3f47..00a2f2e17e4 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -5371,7 +5371,10 @@ static int exec_runtime_make(Manager *m, const ExecContext *c, const char *id, E
         if (!c->private_network && !c->private_tmp && !c->network_namespace_path)
                 return 0;
 
-        if (c->private_tmp) {
+        if (c->private_tmp &&
+            !(prefixed_path_strv_contains(c->inaccessible_paths, "/tmp") &&
+              (prefixed_path_strv_contains(c->inaccessible_paths, "/var/tmp") ||
+               prefixed_path_strv_contains(c->inaccessible_paths, "/var")))) {
                 r = setup_tmp_dirs(id, &tmp_dir, &var_tmp_dir);
                 if (r < 0)
                         return r;