to exclude paths from clean-up as controlled with the Age
parameter. Note that lines of this type do not influence the
effect of <varname>r</varname> or <varname>R</varname>
- lines. Lines of this type accept shell-style globs in place
+ lines. Lines of this type accept shell-style globs in place
of normal path names. </para></listitem>
</varlistentry>
not exclude the content if path is a directory, but only
directory itself. Note that lines of this type do not
influence the effect of <varname>r</varname> or
- <varname>R</varname> lines. Lines of this type accept
+ <varname>R</varname> lines. Lines of this type accept
shell-style globs in place of normal path names.
</para></listitem>
</varlistentry>
<listitem><para>Adjust the access mode, group and user, and
restore the SELinux security context of a file or directory,
if it exists. Lines of this type accept shell-style globs in
- place of normal path names. </para></listitem>
+ place of normal path names.</para></listitem>
</varlistentry>
<varlistentry>
<varlistentry>
<term><varname>t</varname></term>
- <listitem><para>Set extended attributes on item. It may be
- used in conjunction with other types (only
- <varname>d</varname>, <varname>D</varname>,
- <varname>f</varname>, <varname>F</varname>,
- <varname>L</varname>, <varname>p</varname>,
- <varname>c</varname>, <varname>b</varname>, makes sense).
- If used as a standalone line, then
- <command>systemd-tmpfiles</command> will try to set extended
- attributes on specified path. This can be especially used
- to set SMACK labels. </para></listitem>
+ <listitem><para>Set extended attributes. Lines of this type
+ accept shell-style globs in place of normal path names.
+ This can be useful for setting SMACK labels.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>T</varname></term>
+ <listitem><para>Recursively set extended attributes. Lines
+ of this type accept shell-style globs in place of normal
+ path names. This can be useful for setting SMACK labels.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>a</varname></term>
+ <term><varname>a+</varname></term>
+ <listitem><para>Set POSIX ACLs (access control lists). If
+ suffixed with <varname>+</varname>, specified entries will
+ be added to the existing set.
+ <command>systemd-tmpfiles</command> will automatically add
+ the required base entries for user and group based on the
+ access mode of the file, unless base entries already exist
+ or are explictly specified. The mask will be added if not
+ specified explicitly or already present. Lines of this type
+ accept shell-style globs in place of normal path names. This
+ can be useful for allowing additional access to certain
+ files.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>A</varname></term>
+ <term><varname>A+</varname></term>
+ <listitem><para>Same as <varname>a</varname> and
+ <varname>a+</varname>, but recursive.</para></listitem>
</varlistentry>
</variablelist>
if omitted or when set to <literal>-</literal>, the file access
mode will not be modified. This parameter is ignored for
<varname>x</varname>, <varname>r</varname>,
- <varname>R</varname>, <varname>L</varname>, <varname>t</varname>
- lines.</para>
+ <varname>R</varname>, <varname>L</varname>, <varname>t</varname>,
+ and <varname>a</varname> lines.</para>
<para>Optionally, if prefixed with <literal>~</literal>, the
access mode is masked based on the already set access bits for
may either be a numeric user/group ID or a user or group
name. If omitted or when set to <literal>-</literal>, the
default 0 (root) is used. For <varname>z</varname>,
- <varname>Z</varname> lines, when omitted or when set to -, the
- file ownership will not be modified. These parameters are
- ignored for <varname>x</varname>, <varname>r</varname>,
- <varname>R</varname>, <varname>L</varname>, <varname>t</varname>
- lines.</para>
+ <varname>Z</varname> lines, when omitted or when set to
+ <literal>-</literal>, the file ownership will not be
+ modified. These parameters are ignored for <varname>x</varname>,
+ <varname>r</varname>, <varname>R</varname>,
+ <varname>L</varname>, <varname>t</varname>, and
+ <varname>a</varname> lines.</para>
</refsect2>
<refsect2>
is written to the file, suffixed by a newline. For
<varname>C</varname>, specifies the source file or
directory. For <varname>t</varname> determines extended
- attributes to be set. Ignored for all other lines.</para>
+ attributes to be set. For <varname>a</varname> determines
+ ACL attributes to be set. Ignored for all other lines.</para>
</refsect2>
</refsect1>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-tmpfiles</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-delta</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>attr</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>getfattr</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>setfattr</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>setfacl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry project='man-pages'><refentrytitle>getfacl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
</para>
</refsect1>