[Unit] Description=Test DynamicUser= with StateDirectory= [Service] ExecStart=test -w /var/lib/waldo ExecStart=test -w /var/lib/quux/pief ExecStart=touch /var/lib/waldo/yay ExecStart=touch /var/lib/quux/pief/yayyay ExecStart=test -f /var/lib/waldo/yay ExecStart=test -f /var/lib/quux/pief/yayyay ExecStart=test -f /var/lib/private/waldo/yay ExecStart=test -f /var/lib/private/quux/pief/yayyay ExecStart=/bin/sh -x -c 'test "$$STATE_DIRECTORY" = "%S/waldo:%S/quux/pief"' # Make sure that /var/lib/private/waldo is really the only writable directory besides the obvious candidates ExecStart=sh -x -c 'test $$(find / \( -path /var/tmp -o -path /tmp -o -path /proc -o -path /dev/mqueue -o -path /dev/shm -o -path /sys/fs/bpf -o -path /dev/.lxc \) -prune -o -type d -writable -print 2>/dev/null | sort -u | tr -d '\\\\n') = /var/lib/private/quux/pief/var/lib/private/waldo' Type=oneshot DynamicUser=yes StateDirectory=waldo quux/pief