systemd/tmpfiles.d/systemd.conf.in

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

# See tmpfiles.d(5) for details

d /run/user 0755 root root -
{% if ENABLE_UTMP %}
F! /run/utmp 0664 root utmp -
{% endif %}

d /run/systemd/ask-password 0755 root root -
d /run/systemd/seats 0755 root root -
d /run/systemd/sessions 0755 root root -
d /run/systemd/users 0755 root root -
d /run/systemd/machines 0755 root root -
d /run/systemd/shutdown 0755 root root -

d /run/log 0755 root root -

z /run/log/journal 2755 root systemd-journal - -
Z /run/log/journal/%m ~2750 root systemd-journal - -
{% if HAVE_ACL %}
{% if ENABLE_ADM_GROUP and ENABLE_WHEEL_GROUP %}
a+ /run/log/journal    - - - - d:group::r-x,d:group:adm:r-x,d:group:wheel:r-x,group::r-x,group:adm:r-x,group:wheel:r-x
a+ /run/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x,group:adm:r-x,group:wheel:r-x
a+ /run/log/journal/%m/*.journal* - - - - group:adm:r--,group:wheel:r--
{% elif ENABLE_ADM_GROUP %}
a+ /run/log/journal    - - - - d:group::r-x,d:group:adm:r-x,group::r-x,group:adm:r-x
a+ /run/log/journal/%m - - - - d:group:adm:r-x,group:adm:r-x
a+ /run/log/journal/%m/*.journal* - - - - group:adm:r--
{% elif ENABLE_WHEEL_GROUP %}
a+ /run/log/journal    - - - - d:group::r-x,d:group:wheel:r-x,group::r-x,group:wheel:r-x
a+ /run/log/journal/%m - - - - d:group:wheel:r-x,group:wheel:r-x
a+ /run/log/journal/%m/*.journal* - - - - group:wheel:r--
{% endif %}
{% endif %}

z /var/log/journal 2755 root systemd-journal - -
z /var/log/journal/%m 2755 root systemd-journal - -
z /var/log/journal/%m/system.journal 0640 root systemd-journal - -
{% if HAVE_ACL %}
{% if ENABLE_ADM_GROUP and ENABLE_WHEEL_GROUP %}
a+ /var/log/journal    - - - - d:group::r-x,d:group:adm:r-x,d:group:wheel:r-x,group::r-x,group:adm:r-x,group:wheel:r-x
a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x,group:adm:r-x,group:wheel:r-x
a+ /var/log/journal/%m/system.journal - - - - group:adm:r--,group:wheel:r--
{% elif ENABLE_ADM_GROUP %}
a+ /var/log/journal    - - - - d:group::r-x,d:group:adm:r-x,group::r-x,group:adm:r-x
a+ /var/log/journal/%m - - - - d:group:adm:r-x,group:adm:r-x
a+ /var/log/journal/%m/system.journal - - - - group:adm:r--
{% elif ENABLE_WHEEL_GROUP %}
a+ /var/log/journal    - - - - d:group::r-x,d:group:wheel:r-x,group::r-x,group:wheel:r-x
a+ /var/log/journal/%m - - - - d:group:wheel:r-x,group:wheel:r-x
a+ /var/log/journal/%m/system.journal - - - - group:wheel:r--
{% endif %}
{% endif %}

d /var/lib/systemd 0755 root root -
d /var/lib/systemd/coredump 0755 root root 2w
# Files and directories in /var/lib/systemd/ephemeral-trees are locked by pid 1 to prevent tmpfiles from
# removing them, and tmpfiles is told to clean up anything in /var/lib/systemd/ephemeral-trees that isn't
# locked unconditionally.
d /var/lib/systemd/ephemeral-trees 0755 root root 0

d /var/lib/private 0700 root root -
d /var/log/private 0700 root root -
d /var/cache/private 0700 root root -

{% if ENABLE_EFI %}
# Copy sd-stub provided PCR signature and public key file from initrd into /run/, so that it will survive the initrd stage
C /run/systemd/tpm2-pcr-signature.json 0444 root root - /.extra/tpm2-pcr-signature.json
C /run/systemd/tpm2-pcr-public-key.pem 0444 root root - /.extra/tpm2-pcr-public-key.pem
{% endif %}