diff --git a/src/core/execute.c b/src/core/execute.c index 6b01d00d6e6..0df3971df67 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -1776,7 +1776,7 @@ static int build_pass_environment(const ExecContext *c, char ***ret) { static bool exec_needs_mount_namespace( const ExecContext *context, const ExecParameters *params, - ExecRuntime *runtime) { + const ExecRuntime *runtime) { assert(context); assert(params); @@ -1789,12 +1789,7 @@ static bool exec_needs_mount_namespace( !strv_isempty(context->inaccessible_paths)) return true; - if (context->n_bind_mounts > 0 || - !strv_isempty(context->directories[EXEC_DIRECTORY_RUNTIME].paths) || - !strv_isempty(context->directories[EXEC_DIRECTORY_STATE].paths) || - !strv_isempty(context->directories[EXEC_DIRECTORY_CACHE].paths) || - !strv_isempty(context->directories[EXEC_DIRECTORY_LOGS].paths) || - !strv_isempty(context->directories[EXEC_DIRECTORY_CONFIGURATION].paths)) + if (context->n_bind_mounts > 0) return true; if (context->mount_flags != 0) @@ -1814,6 +1809,12 @@ static bool exec_needs_mount_namespace( if (context->mount_apivfs && (context->root_image || context->root_directory)) return true; + if (context->dynamic_user && + (!strv_isempty(context->directories[EXEC_DIRECTORY_STATE].paths) || + !strv_isempty(context->directories[EXEC_DIRECTORY_CACHE].paths) || + !strv_isempty(context->directories[EXEC_DIRECTORY_LOGS].paths))) + return true; + return false; }