diff --git a/cmd/fshim/ipc/payload.go b/cmd/fshim/ipc/payload.go
index 3ef2dac..92e51e8 100644
--- a/cmd/fshim/ipc/payload.go
+++ b/cmd/fshim/ipc/payload.go
@@ -13,6 +13,8 @@ type Payload struct {
 Exec [2]string
 // bwrap config
 Bwrap *bwrap.Config
+ // path to outer home directory
+ Home string
 // sync fd
 Sync *uintptr
 
diff --git a/cmd/fshim/main.go b/cmd/fshim/main.go
index 6b27122..5aece38 100644
--- a/cmd/fshim/main.go
+++ b/cmd/fshim/main.go
@@ -81,6 +81,21 @@ func main() {
 // not fatal
 }
 
+ // ensure home directory as target user
+ if s, err := os.Stat(payload.Home); err != nil {
+ if os.IsNotExist(err) {
+ if err = os.Mkdir(payload.Home, 0700); err != nil {
+ fmsg.Fatalf("cannot create home directory: %v", err)
+ }
+ } else {
+ fmsg.Fatalf("cannot access home directory: %v", err)
+ }
+
+ // home directory is created, proceed
+ } else if !s.IsDir() {
+ fmsg.Fatalf("data path %q is not a directory", payload.Home)
+ }
+
 var ic init0.Payload
 
 // resolve argv0
diff --git a/internal/app/start.go b/internal/app/start.go
index 3736abd..cc13181 100644
--- a/internal/app/start.go
+++ b/internal/app/start.go
@@ -49,6 +49,7 @@ func (a *app) Start() error {
 Argv: a.seal.command,
 Exec: shimExec,
 Bwrap: a.seal.sys.bwrap,
+ Home: a.seal.sys.user.data,
 Verbose: fmsg.Verbose(),
 },
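Review bot: The comment on the new `Home` field in cmd/fshim/ipc/payload.go does not say what form the value must take or what the receiver does with it. In this commit the shim passes it unchanged to `os.Stat` and `os.Mkdir`, so a relative value is resolved against the shim's working directory and an empty one ends in a failed mkdir. I would document the contract on the field, for example `// absolute path to outer home directory; the shim creates it with mode 0700 if missing`. The Payload struct continues outside the hunk.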
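Review bot: The home-directory check added to main() in cmd/fshim/main.go uses `os.Stat`, which follows symlinks, and accepts any existing directory at `payload.Home` without checking its owner or mode, so only the freshly created case is known to be 0700. The Stat-then-Mkdir order also leaves a window: if the path appears between the two calls, `os.Mkdir` returns an exists error and the shim exits with "cannot create home directory". Creating first, tolerating `os.IsExist`, and then inspecting the result with `os.Lstat` removes that window and makes the symlink case explicit. Whether a symlinked home must stay supported is not visible from this diff, so treat the Lstat part as a question for the author. main() starts and ends outside the hunk.

```go
// ensure home directory as target user
if err := os.Mkdir(payload.Home, 0700); err != nil && !os.IsExist(err) {
	fmsg.Fatalf("cannot create home directory: %v", err)
}
// Lstat does not follow a symlink, so a link at this path is rejected below
if s, err := os.Lstat(payload.Home); err != nil {
	fmsg.Fatalf("cannot access home directory: %v", err)
} else if !s.IsDir() {
	fmsg.Fatalf("data path %q is not a directory", payload.Home)
}
// … unchanged: var ic init0.Payload and argv0 resolution …
```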