+ if (!strv_isempty(context->read_write_dirs) ||
+ !strv_isempty(context->read_only_dirs) ||
+ !strv_isempty(context->inaccessible_dirs) ||
+ context->mount_flags != 0 ||
+ (context->private_tmp && runtime && (runtime->tmp_dir || runtime->var_tmp_dir)) ||
+ params->bus_endpoint_path ||
+ context->private_devices ||
+ context->protect_system != PROTECT_SYSTEM_NO ||
+ context->protect_home != PROTECT_HOME_NO) {
+
+ char *tmp = NULL, *var = NULL;
+
+ /* The runtime struct only contains the parent
+ * of the private /tmp, which is
+ * non-accessible to world users. Inside of it
+ * there's a /tmp that is sticky, and that's
+ * the one we want to use here. */
+
+ if (context->private_tmp && runtime) {
+ if (runtime->tmp_dir)
+ tmp = strappenda(runtime->tmp_dir, "/tmp");
+ if (runtime->var_tmp_dir)
+ var = strappenda(runtime->var_tmp_dir, "/tmp");
+ }