diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 812e615530..68af3857da 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -93,10 +93,10 @@
the specified paths. This is equivalent to having them listed
explicitly in RequiresMountsFor=.
- Similar, units with PrivateTmp= enabled
- automatically get mount unit dependencies for all mounts
- required to access /tmp and
- /var/tmp.
+ Similar, units with PrivateTmp= enabled automatically get mount unit dependencies for all
+ mounts required to access /tmp and /var/tmp. They will also gain an
+ automatic After= dependency on
+ systemd-tmpfiles-setup.service8.Units whose standard output or error output is connected to ,
or (or their combinations with console output, see below) automatically acquire dependencies
@@ -1006,8 +1006,11 @@
systemd.unit5 for
details. This setting is implied if DynamicUser= is set. For this setting the same
restrictions regarding mount propagation and privileges apply as for ReadOnlyPaths= and
- related calls, see above.
-
+ related calls, see above. Enabling this setting has the side effect of adding Requires= and
+ After= dependencies on all mount units necessary to access /tmp and
+ /var/tmp. Moreover an implicitly After= ordering on
+ systemd-tmpfiles-setup.service8
+ is added.
diff --git a/src/basic/special.h b/src/basic/special.h
index 5276bcf598..feb8e5fe21 100644
--- a/src/basic/special.h
+++ b/src/basic/special.h
@@ -103,6 +103,7 @@
#define SPECIAL_DBUS_SOCKET "dbus.socket"
#define SPECIAL_JOURNALD_SOCKET "systemd-journald.socket"
#define SPECIAL_JOURNALD_SERVICE "systemd-journald.service"
+#define SPECIAL_TMPFILES_SETUP_SERVICE "systemd-tmpfiles-setup.service"
/* Magic init signals */
#define SPECIAL_KBREQUEST_TARGET "kbrequest.target"
diff --git a/src/core/unit.c b/src/core/unit.c
index 5d0b17425b..409668f6d2 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -866,11 +866,15 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
return 0;
if (c->private_tmp) {
- r = unit_require_mounts_for(u, "/tmp");
- if (r < 0)
- return r;
+ const char *p;
- r = unit_require_mounts_for(u, "/var/tmp");
+ FOREACH_STRING(p, "/tmp", "/var/tmp") {
+ r = unit_require_mounts_for(u, p);
+ if (r < 0)
+ return r;
+ }
+
+ r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_TMPFILES_SETUP_SERVICE, NULL, true);
if (r < 0)
return r;
}