+# Mount /tmp publicly accessable. Based on patch by Michael Demeter <michael.demeter@intel.com>.
+# Upstream systemd temporarily had SmackFileSystemRoot for this (https://github.com/systemd/systemd/pull/1664),
+# but it was removed again (https://github.com/systemd/systemd/issues/1696) because
+# util-linux mount will ignore smackfsroot when Smack is not active. However,
+# busybox is not that intelligent.
+#
+# When using busybox mount, adding smackfsroot=* and booting without
+# Smack (i.e. security=none), tmp.mount will fail with an error about
+# "Bad mount option smackfsroot".
+[Mount]
+Options=smackfsroot=*
+