Is it possible to delay bind mounts (shared folders) for late /tmp initialization?

LXD 3.7, ArchLinux(host+container), unprivileged, dir driver

I want to bind-mount /tmp/.X11-unix/X0 to allow running GUI apps. The mounting itself works properly.

lxc config device add arch X0 disk source=/tmp/.X11-unix/X0 path=/tmp/.X11-unix/X0

The problem is the mount kicks in too early and gets overmounted by systemd's tmp.mount later during boot. It does other things (in /usr/lib/tmpfiles.d) as well, so I guess I had better not completely disable/mask tmp.mount. After boot the mount table looks like this:

$ mount
/dev/sda2 on / type ext4 (rw,relatime,commit=30)
none on /dev type tmpfs (rw,relatime,size=492k,mode=755,uid=100000,gid=100000)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (rw,relatime)
dev on /dev/full type devtmpfs (rw,nosuid,relatime,size=8185604k,nr_inodes=2046401,mode=755)
dev on /dev/null type devtmpfs (rw,nosuid,relatime,size=8185604k,nr_inodes=2046401,mode=755)
dev on /dev/random type devtmpfs (rw,nosuid,relatime,size=8185604k,nr_inodes=2046401,mode=755)
dev on /dev/tty type devtmpfs (rw,nosuid,relatime,size=8185604k,nr_inodes=2046401,mode=755)
dev on /dev/urandom type devtmpfs (rw,nosuid,relatime,size=8185604k,nr_inodes=2046401,mode=755)
dev on /dev/zero type devtmpfs (rw,nosuid,relatime,size=8185604k,nr_inodes=2046401,mode=755)
dev on /dev/fuse type devtmpfs (rw,nosuid,relatime,size=8185604k,nr_inodes=2046401,mode=755)
dev on /dev/net/tun type devtmpfs (rw,nosuid,relatime,size=8185604k,nr_inodes=2046401,mode=755)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
mqueue on /dev/mqueue type mqueue (rw,relatime)
tmpfs on /dev/lxd type tmpfs (rw,relatime,size=100k,mode=755)
tmpfs on /tmp/.X11-unix/X0 type tmpfs (rw,nosuid,nodev,relatime,size=14680064k)
tmpfs on /dev/.lxd-mounts type tmpfs (rw,relatime,size=100k,mode=711)
devpts on /dev/console type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=100005,mode=620,ptmxmode=666,max=1024)
devpts on /dev/ptmx type devpts (rw,nosuid,noexec,relatime,gid=100005,mode=620,ptmxmode=666,max=1024)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,uid=100000,gid=100000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755,uid=100000,gid=100000)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755,uid=100000,gid=100000)
cgroup2 on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,name=systemd)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/rdma type cgroup (rw,nosuid,nodev,noexec,relatime,rdma)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,uid=100000,gid=100000)

Is it possible to delay the bind mount of LXD somehow to overcome this problem?

Edit: Looks like @simos doesn’t have that problem on Ubuntu in his X11 passthrough tutorial. He mounts into /tmp directly as well.
Maybe I should try to remove /tmp from tmp.mount and handle /tmp by an LXD mount instead. Will give it a try.
Edit2: Eh, does someone know how to create a tmpfs folder with LXD (native, not ‘raw.lxc’)? :neutral_face: Couldn’t figure it out.
Something like this (from LXC):

lxc.mount.entry = /tmp tmp tmpfs bind,none,create=dir 0 0

You can’t delay mounts because it’s quite a bit of a pain to inject mounts later and it’d still be racy.

Your best bet is usually to mount things somewhere else, say /mnt/X11, and have a systemd unit in the container which moves it to the expected path (using mount --move) once the /tmp cleanup stuff is done.
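One way to implement that staging-then-move approach, as an added example rather than the answerer's own configuration: it assumes the device was added with `path=/mnt/X11/X0` instead of the /tmp path (e.g. `lxc config device add arch X0 disk source=/tmp/.X11-unix/X0 path=/mnt/X11/X0`), and that a oneshot unit in the container ordered after tmp.mount and systemd-tmpfiles-setup.service runs the script; the script name and both paths are assumptions.

```shell
#!/bin/sh
# Added example: move a bind-mounted X11 socket from a staging path into /tmp
# once tmp.mount has replaced /tmp. Paths and unit name are assumptions.
# Intended to be started by a container unit along these lines:
#   [Unit]    After=tmp.mount systemd-tmpfiles-setup.service  Requires=tmp.mount
#   [Service] Type=oneshot  ExecStart=/usr/local/bin/move-x11-socket.sh
#   [Install] WantedBy=multi-user.target
set -eu

STAGE="${STAGE:-/mnt/X11/X0}"          # the path= given to 'lxc config device add'
TARGET="${TARGET:-/tmp/.X11-unix/X0}"  # where X clients expect the socket

# Return 0 if $1 is a mount point in this mount namespace. Field 5 of
# /proc/self/mountinfo is the mount point, so a plain file or directory that
# merely exists does not count; only an actual mount does.
is_mountpoint() {
    awk -v p="$1" '$5 == p { found = 1 } END { exit !found }' /proc/self/mountinfo
}

move_socket() {
    stage="$1"; target="$2"
    # Nothing to move if LXD never mounted the staging path: fail loudly so the
    # unit shows as failed instead of silently leaving /tmp without the socket.
    if ! is_mountpoint "$stage"; then
        echo "staging mount $stage is absent; skipping" >&2
        return 1
    fi
    # Idempotent: re-running after a successful move is a no-op.
    if is_mountpoint "$target"; then
        echo "$target already mounted; nothing to do" >&2
        return 0
    fi
    # mount --move needs an existing mount point of the same kind as the source;
    # the source is a single socket file, so the target must be a file as well.
    # /tmp/.X11-unix is created with the sticky bit, as tmpfiles.d would do.
    [ -d "$(dirname "$target")" ] || mkdir -p -m 1777 "$(dirname "$target")"
    [ -e "$target" ] || : > "$target"
    mount --move "$stage" "$target"
}

# Only perform the move when run as the script itself, not when sourced.
if [ "${0##*/}" = "move-x11-socket.sh" ]; then
    move_socket "$STAGE" "$TARGET"
fi
```

The mount table from the question would then show the socket mount at /mnt/X11/X0 early in boot and at /tmp/.X11-unix/X0 after the unit has run, on top of tmp.mount's tmpfs rather than underneath it.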