d /var/tmp 1777 root root 30d
# Exclude namespace mountpoints created with PrivateTmp=yes
-X /tmp/systemd-private-*
-X /var/tmp/systemd-private-*
+x /tmp/systemd-private-*
+x /var/tmp/systemd-private-*
+X /tmp/systemd-private-*/tmp
+X /var/tmp/systemd-private-*/tmp