In particular, we upgrade /var/lib/container, /var/tmp and /tmp to
subvolumes.
# See tmpfiles.d(5) for details
# Clear tmp directories separately, to make them easier to override
-d /tmp 1777 root root 10d
-d /var/tmp 1777 root root 30d
+v /tmp 1777 root root 10d
+v /var/tmp 1777 root root 30d
# Exclude namespace mountpoints created with PrivateTmp=yes
x /tmp/systemd-private-%b-*
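Review bot: The new `v /tmp` and `v /var/tmp` lines carry no comment explaining that the entry type now depends on the filesystem, and the same holds for `v /var/lib/container 0700 - - -` further down. As tmpfiles.d(5) describes it, `v` creates a btrfs subvolume only when the path does not exist yet and subvolumes are supported, and otherwise behaves like `d`. I would add a line such as `# 'v': btrfs subvolume where supported, plain directory otherwise` above each group. It is also worth recording for operators that a snapshot of a parent subvolume does not include nested subvolumes, so backup or rollback tooling that snapshots the root will presumably stop capturing /var/lib/container on freshly provisioned btrfs systems, while existing installs keep their plain directories.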
d /var/cache 0755 - - -
d /var/lib 0755 - - -
-d /var/lib/container 0700 - - -
+v /var/lib/container 0700 - - -
d /var/spool 0755 - - -