From 335b14ade5d5cb310353337fdf2b809bdcafe7e1 Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Tue, 18 Jun 2024 15:56:45 +0200
Subject: [PATCH] core/exec-invoke: respect needs_sandboxing for PrivateTmp

Follow-up for 0e551b04efb911d38b586cca1a6a462c87a2cb1b
---
 src/core/exec-invoke.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
index 8b88ccb1e98..45f1539f758 100644
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@@ -3205,8 +3205,6 @@ static int apply_mount_namespace(
                 .temporary_filesystems = context->temporary_filesystems,
                 .n_temporary_filesystems = context->n_temporary_filesystems,
 
-                .private_tmp = context->private_tmp,
-
                 .mount_images = context->mount_images,
                 .n_mount_images = context->n_mount_images,
                 .mount_image_policy = context->mount_image_policy ?: &image_policy_service,
@@ -3245,6 +3243,7 @@ static int apply_mount_namespace(
                 .private_dev = needs_sandboxing && context->private_devices,
                 .private_network = needs_sandboxing && exec_needs_network_namespace(context),
                 .private_ipc = needs_sandboxing && exec_needs_ipc_namespace(context),
+                .private_tmp = needs_sandboxing ? context->private_tmp : false,
 
                 .mount_apivfs = needs_sandboxing && exec_context_get_effective_mount_apivfs(context),