[Service]
Type=oneshot
# Create a file in /tmp/test-exec_bind_paths
ExecStart=/bin/sh -c 'touch /tmp/test-exec_bind_paths/thisisasimpletest'
# Then, the file can be access through /tmp
ExecStart=/bin/sh -c 'test -f /tmp/thisisasimpletest'
# Also, through /tmp/test-exec_bind_readonly_paths
ExecStart=/bin/sh -c 'test -f /tmp/test-exec_bind_readonly_paths/thisisasimpletest'
# The file cannot modify through /tmp/test-exec_bind_readonly_paths
ExecStart=/bin/sh -x -c '! touch /tmp/test-exec_bind_readonly_paths/thisisasimpletest'
# Cleanup
ExecStart=/bin/sh -c 'rm /tmp/thisisasimpletest'
BindPaths=/tmp:/tmp/test-exec_bind_paths
BindReadOnlyPaths=/tmp:/tmp/test-exec_bind_readonly_paths