The directories specified by RuntimeDirectory= and friends are created
on the host, so it is necessary to bind-mount them into the root directory.
context->protect_control_groups)
return true;
- if (context->mount_apivfs && (context->root_image || context->root_directory))
- return true;
+ if (context->root_directory) {
+ ExecDirectoryType t;
+
+ if (context->mount_apivfs)
+ return true;
+
+ for (t = 0; t < _EXEC_DIRECTORY_TYPE_MAX; t++) {
+ if (!params->prefix[t])
+ continue;
+
+ if (!strv_isempty(context->directories[t].paths))
+ return true;
+ }
+ }
if (context->dynamic_user &&
(!strv_isempty(context->directories[EXEC_DIRECTORY_STATE].paths) ||