Make PrivateTmp dirs also inaccessible from the outside

[elogind.git] / tmpfiles.d / tmp.conf

diff --git a/tmpfiles.d/tmp.conf b/tmpfiles.d/tmp.conf
index ef5a9f0f2cb31979e07e4b6f18939a721d7603a3..3b534a1f750c7339f1e81d5990e7ef135e6f3d9f 100644 (file)
--- a/tmpfiles.d/tmp.conf
+++ b/tmpfiles.d/tmp.conf
@@ -12,5 +12,7 @@ d /tmp 1777 root root 10d
 d /var/tmp 1777 root root 30d
 
 # Exclude namespace mountpoints created with PrivateTmp=yes
-X /tmp/systemd-private-*
-X /var/tmp/systemd-private-*
+x /tmp/systemd-private-*
+x /var/tmp/systemd-private-*
+X /tmp/systemd-private-*/tmp
+X /var/tmp/systemd-private-*/tmp