Hello,

I'm working on a shell script that makes use of run0, and I'm having trouble 
figuring out how to escape a file path in the --property option. I want to use 
--property="ProtectSystem=strict" and --property="ReadWritePaths=[...]" to 
limit the transient service unit's write access to only the files it needs 
access to (as a sandboxing measure), but one of the paths comes from user input 
and could have any characters that are valid in a file path (including spaces 
and, in principle, any Unicode characters except NUL), so it needs to be 
escaped.

I'm aware of systemd-escape but I'm unsure of how to use it with arguments to 
run0; if I simply do something like --property="ReadWritePaths=$(systemd-escape 
--path "$filename")", I get an error: "Failed to start transient service unit: 
Invalid ReadWritePaths". But if I pass in an unescaped filename with spaces, I 
also get this error. What's the right way to do this?

Thanks,
Daniel
