From 37c56f89d2563e5ee413e6d9ca70b01ecfbc3b4c Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Fri, 25 May 2018 17:32:55 +0900
Subject: [PATCH] core: setup mount namespace when RootDirectory= and RuntimeDirectory= or friends are set

The directories specified by RuntimeDirectory= or friends are created on host. So, it is necessary to bind-mount them on root directory.
---
 src/core/execute.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/core/execute.c b/src/core/execute.c
index 285fe5bf397..f36672c9df4 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1787,8 +1787,20 @@ static bool exec_needs_mount_namespace(
 context->protect_control_groups)
 return true;
 
- if (context->mount_apivfs && (context->root_image || context->root_directory))
- return true;
+ if (context->root_directory) {
+ ExecDirectoryType t;
+
+ if (context->mount_apivfs)
+ return true;
+
+ for (t = 0; t < _EXEC_DIRECTORY_TYPE_MAX; t++) {
+ if (!params->prefix[t])
+ continue;
+
+ if (!strv_isempty(context->directories[t].paths))
+ return true;
+ }
+ }
 
 if (context->dynamic_user &&
 (!strv_isempty(context->directories[EXEC_DIRECTORY_STATE].paths) ||
-- 
2.47.3
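Review bot: The rewritten condition no longer tests `context->root_image`, so a unit combining RootImage= with MountAPIVFS= now reaches `return true` only if some other branch of exec_needs_mount_namespace() covers it. The function begins before this hunk, so an earlier `root_image` check may already do that, but it is worth confirming, because a false negative here means the service starts without the mount namespace its configuration asks for. The new loop also carries no explanation of why these directories matter under RootDirectory=; a comment above it such as `/* RuntimeDirectory= and friends are created on the host, so they have to be bind-mounted into the root directory */` would keep the reasoning from the commit message next to the code. The loop dereferences `params->prefix[t]`, so presumably `params` is asserted non-NULL at the top of the function, which is outside the hunk.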