Don't just permit creating and accessing selected directories, but allow
creating new directories as well. This avoids bugs with other software which
uses XDG_RUNTIME_DIR (such as pulseaudio). As this is by definition an
ephemeral and private directory, there is no data leak from other users.
/{,var/}run/** rmkix,
/{,var/}run/shm/** wl,
# libpam-xdg-support
- owner /{,var/}run/user/guest-*/dconf/ rw,
- owner /{,var/}run/user/guest-*/dconf/user rw,
- owner /{,var/}run/user/guest-*/keyring-*/ rw,
- owner /{,var/}run/user/guest-*/keyring-*/{control,gpg,pkcs11,ssh} rw,
+ owner /{,var/}run/user/guest-*/** rw,
capability ipc_lock,
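Review bot: the replacement rule `owner /{,var/}run/user/guest-*/** rw,` grants write to everything under the guest runtime directory, including any sockets and lock files that other components create there, so the `owner` qualifier is now the only thing keeping the grant scoped to the guest uid; please add a comment beside the rule (the `# libpam-xdg-support` heading alone no longer explains a single broad glob) stating that the wide match is intentional because XDG_RUNTIME_DIR is per-user and ephemeral, and that `**` is what covers the directory paths themselves so that the mkdir described in the commit message is permitted. Read access for non-owned entries is unaffected, since `/{,var/}run/** rmkix,` above already grants it.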