A bind mount makes one directory appear at a second location. As a .mount unit it’s ordered and managed by systemd (handy when a service must wait for the bind to exist).

The unit

Mounting /srv/app/data at /var/lib/app — save as /etc/systemd/system/var-lib-app.mount:

[Unit]
Description=Bind /srv/app/data to /var/lib/app

[Mount]
What=/srv/app/data
Where=/var/lib/app
Type=none
Options=bind

[Install]
WantedBy=multi-user.target

Type=none + Options=bind is the bind-mount combination (mirrors mount --bind).
The filename is the escaped target path: systemd-escape -p --suffix=mount /var/lib/app → var-lib-app.mount.
For a read-only bind, the kernel needs a second step; add it with Options=bind,ro on modern kernels/systemd, or use a ReadWritePaths=/BindReadOnlyPaths= directive inside the consuming service instead.

Enable and verify

sudo mkdir -p /srv/app/data /var/lib/app
sudo systemctl daemon-reload
sudo systemctl enable --now var-lib-app.mount
findmnt /var/lib/app

Order a service after it

# in your service unit:
[Unit]
RequiresMountsFor=/var/lib/app

RequiresMountsFor= automatically adds the right ordering and requirement on whatever mount provides that path — cleaner than naming the .mount by hand.

Gotchas: both source and target directories must exist. For per-service private bind mounts (sandboxing), prefer BindPaths=/BindReadOnlyPaths= directly in the service unit over a standalone .mount. Read-only bind behavior varies by kernel age — verify with findmnt -o TARGET,OPTIONS /var/lib/app.

Create a bind mount as a systemd unit

The unit

Enable and verify

Order a service after it