InaccessibleDirectories

# On dirs

$ mkdir /tmp/bm-dir ; echo foo > /tmp/bm-dir/file ; sudo systemd-run -t -p ReadOnlyDirectories=/tmp/bm-dir/ sh -c 'echo bar >> /tmp/bm-dir/file; cat /tmp/bm-dir/file'
mkdir: cannot create directory ‘/tmp/bm-dir’: File exists
Running as unit run-r637b299dad174d8ba47b0a54df144b8b.service.
Press ^] three times within 1s to disconnect TTY.
/bin/sh: 1: cannot create /tmp/bm-dir/file: Read-only file system
foo

$ mkdir /tmp/bm-dir ; echo foo > /tmp/bm-dir/file ; sudo systemd-run -t -p InaccessibleDirectories=/tmp/bm-dir/ sh -c 'echo bar >> /tmp/bm-dir/file; cat /tmp/bm-dir/file'
mkdir: cannot create directory ‘/tmp/bm-dir’: File exists
Running as unit run-r2f944a47f53e4edb908d0d5730612546.service.
Press ^] three times within 1s to disconnect TTY.
/bin/sh: 1: cannot create /tmp/bm-dir/file: Read-only file system
cat: /tmp/bm-dir/file: No such file or directory

# On files

$ echo foo > /tmp/bm-file ; chmod 0777 /tmp/bm-file; sudo systemd-run -t -p ReadOnlyDirectories=/tmp/bm-file sh -c 'echo bar >> /tmp/bm-file; cat /tmp/bm-file'
Running as unit run-r21ed9b30afb840e5b55733ce8ac26475.service.
Press ^] three times within 1s to disconnect TTY.
/bin/sh: 1: cannot create /tmp/bm-file: Read-only file system
foo

$ echo foo > /tmp/bm-file ; chmod 0777 /tmp/bm-file; sudo systemd-run -t -p InaccessibleDirectories=/tmp/bm-file sh -c 'echo bar >> /tmp/bm-file; cat /tmp/bm-file'
Running as unit run-r461892cfc5534d739e4d493a1cd2571e.service.
Press ^] three times within 1s to disconnect TTY.
foo
bar

So ReadOnlyDirectories works both on files and directories.

But InaccessibleDirectories only works on directories.