diff --git a/src/core/namespace.c b/src/core/namespace.c
index c3bbb40680..c7ccaa5192 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -304,7 +304,7 @@ static int append_tmpfs_mounts(MountEntry **p, const TemporaryFileSystem *tmpfs,
         for (i = 0; i < n; i++) {
                 const TemporaryFileSystem *t = tmpfs + i;
                 _cleanup_free_ char *o = NULL, *str = NULL;
-                unsigned long flags = MS_NODEV|MS_STRICTATIME;
+                unsigned long flags;
                 bool ro = false;
 
                 if (!path_is_absolute(t->path)) {
@@ -312,29 +312,25 @@ static int append_tmpfs_mounts(MountEntry **p, const TemporaryFileSystem *tmpfs,
                         return -EINVAL;
                 }
 
-                if (!isempty(t->options)) {
-                        str = strjoin("mode=0755,", t->options);
-                        if (!str)
-                                return -ENOMEM;
+                str = strjoin("mode=0755,", t->options);
+                if (!str)
+                        return -ENOMEM;
 
-                        r = mount_option_mangle(str, MS_NODEV|MS_STRICTATIME, &flags, &o);
-                        if (r < 0)
-                                return log_debug_errno(r, "Failed to parse mount option '%s': %m", str);
+                r = mount_option_mangle(str, MS_NODEV|MS_STRICTATIME, &flags, &o);
+                if (r < 0)
+                        return log_debug_errno(r, "Failed to parse mount option '%s': %m", str);
 
-                        ro = flags & MS_RDONLY;
-                        if (ro)
-                                flags ^= MS_RDONLY;
-                }
+                ro = flags & MS_RDONLY;
+                if (ro)
+                        flags ^= MS_RDONLY;
 
                 *((*p)++) = (MountEntry) {
                         .path_const = t->path,
                         .mode = TMPFS,
                         .read_only = ro,
-                        .options_malloc = o,
+                        .options_malloc = TAKE_PTR(o),
                         .flags = flags,
                 };
-
-                o = NULL;
         }
 
         return 0;
diff --git a/test/test-execute/exec-temporaryfilesystem-ro.service b/test/test-execute/exec-temporaryfilesystem-ro.service
index c0e3721a01..c161aecc30 100644
--- a/test/test-execute/exec-temporaryfilesystem-ro.service
+++ b/test/test-execute/exec-temporaryfilesystem-ro.service
@@ -10,6 +10,9 @@ ExecStart=/bin/sh -c 'test -d /var/test-exec-temporaryfilesystem/rw && test -d /
 # Check TemporaryFileSystem= are empty
 ExecStart=/bin/sh -c 'for i in $$(ls -A /var); do test $$i = test-exec-temporaryfilesystem || false; done'
 
+# Check default mode
+ExecStart=sh -x -c 'test "$$(stat -c %%a /var)" = "755"'
+
 # Cannot create a file in /var
 ExecStart=/bin/sh -c '! touch /var/hoge'
 
diff --git a/test/test-execute/exec-temporaryfilesystem-rw.service b/test/test-execute/exec-temporaryfilesystem-rw.service
index 379ad066fb..bb830595bc 100644
--- a/test/test-execute/exec-temporaryfilesystem-rw.service
+++ b/test/test-execute/exec-temporaryfilesystem-rw.service
@@ -10,6 +10,9 @@ ExecStart=test -d /var/test-exec-temporaryfilesystem/rw -a -d /var/test-exec-tem
 # Check TemporaryFileSystem= are empty
 ExecStart=sh -c 'for i in $$(ls -A /var); do test $$i = test-exec-temporaryfilesystem || false; done'
 
+# Check default mode
+ExecStart=sh -x -c 'test "$$(stat -c %%a /var)" = "755"'
+
 # Create a file in /var
 ExecStart=touch /var/hoge