@@define RUNSYSD @@{RUN}/systemd

!/@@{RUN}/initctl$ p
/@@{RUNSYSD}$ d VarDir
!/@@{RUNSYSD}/fsck\\.progress$ s
!/@@{RUNSYSD}/cgroups-agent$ s
!/@@{RUNSYSD}(/(machines|resolve|seats|sessions|shutdown|system|transient|users|ask-password|generator(\\.late)?))?$ d
!/@@{RUNSYSD}/ask-password-block$ d
!/@@{RUNSYSD}/ask-password-block/[[:digit:]]+:[[:digit:]]+$ p
!/@@{RUNSYSD}/generator(\\.late)?/[^/]+\\.(requires|wants)$ d
!/@@{RUNSYSD}/generator(\\.late)?(/[^/]+\\.(requires|wants))?/[-\\\\_[:alnum:]@.]+\\.(swap|service|mount|sh|timer)$ l
!/@@{RUNSYSD}/generator(\\.late)?(/[^/]+\\.(requires|wants))?/[-\\\\_[:alnum:]@.]+\\.(swap|service|mount|sh|timer)$ f
!/@@{RUNSYSD}/inaccessible$ d
!/@@{RUNSYSD}/inaccessible/blk$ b
!/@@{RUNSYSD}/inaccessible/chr$ c
!/@@{RUNSYSD}/inaccessible/dir$ d
!/@@{RUNSYSD}/inaccessible/fifo$ p
!/@@{RUNSYSD}/inaccessible/reg$ f
!/@@{RUNSYSD}/inaccessible/sock$ s
!/@@{RUNSYSD}/incoming$ d
!/@@{RUNSYSD}/inhibit$ d
/@@{RUNSYSD}/inhibit/[12]$ f VarFile
/@@{RUNSYSD}/inhibit/[12]\\.ref$ p VarFile
!/@@{RUNSYSD}/io\\.system\\.ManagedOOM$ s
!/@@{RUNSYSD}/(notify|private)$ s
!/@@{RUNSYSD}/propagate(/systemd-(logind|networkd|resolved|udevd)\\.service)?$ d
!/@@{RUNSYSD}/resolve/resolv\\.conf$ f
!/@@{RUNSYSD}/seats/seat0$ f
!/@@{RUNSYSD}/sessions/c?[[:digit:]]+$ f
!/@@{RUNSYSD}/sessions/c?[[:digit:]]+\\.ref$ p
!/@@{RUNSYSD}/show-status$ f
!/@@{RUNSYSD}/systemd-units-load$ f
!/@@{RUNSYSD}/transient/session-c[0-9]+\\.scope$ f
!/@@{RUNSYSD}/transient/user-[0-9]+\\.slice$ f
/@@{RUNSYSD}/unit-root$ d RecreatedDir
/@@{RUNSYSD}/units$ d RecreatedDir
!/@@{RUNSYSD}/units/invocation:(session-c?[0-9]+\\.scope|[-\\\\@:[:alnum:]]+\\.service|([-_[:alnum:]]+|\\\\x2d)+\\.(mount|swap))$ l
!/@@{RUNSYSD}/units/invocation:dbus\\.socket$ l
/@@{RUNSYSD}/userdb$ d RecreatedDir
!/@@{RUNSYSD}/userdb/io\\.systemd\\.DynamicUser$ s
/@@{RUN}/tmpfiles\\.d/kmod\\.conf$ f VarFile
/@@{RUN}/credentials(/systemd-(sys(ctl|users)|tmpfiles-setup(-dev)?)\\.service)?$ d VarDir-i
!/@@{RUN}/user/[[:digit:]]{4}/systemd/units/invocation:dbus\\.socket$ l
!/(var/)?tmp/systemd-private-[[:xdigit:]]{32}-[-[:alnum:]]+\\.service-[[:alnum:]]{6}$ d
!/(var/)?tmp/systemd-private-[[:xdigit:]]{32}-[-[:alnum:]]+\\.service-[[:alnum:]]{6}/tmp$ d
!/var/lib/systemd/random-seed$ f

# add here rules for @@{RUNSYSD}/generator/dev/disk-by*
# those must depend on the partitioning scheme used

@@undef RUNSYSD
