diff --git a/src/core/manager.c b/src/core/manager.c
index 7b394794b0..b233b9025f 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -3778,11 +3778,11 @@ static int manager_execute_generators(Manager *m, char **paths, bool remount_ro)
         if (remount_ro) {
                 /* Remount most of the filesystem tree read-only. We leave /sys/ as-is, because our code
                  * checks whether it is read-only to detect containerized execution environments. We leave
-                 * /run/ as-is too, because that's where our output goes. We also leave /proc/ and /dev/shm/
+                 * /run/ as-is too, because that's where our output goes. We also leave /proc/ and /dev/
                  * because they're API, and /tmp/ that safe_fork() mounted for us.
                  */
                 r = bind_remount_recursive("/", MS_RDONLY, MS_RDONLY,
-                                           STRV_MAKE("/sys", "/run", "/proc", "/dev/shm", "/tmp"));
+                                           STRV_MAKE("/sys", "/run", "/proc", "/dev", "/tmp"));
                 if (r < 0)
                         log_warning_errno(r, "Read-only bind remount failed, ignoring: %m");
         }