RE: Protect your Raspberry PI SD card, use Read-Only filesystem

Thanks a lot for this tutorial!
On debian jessie /usr/lib/tmpfiles.d/var.conf chmods /var/spool to 0755. This means that /tmp is changed to 0755 as well because we changed /var/spool to point to /tmp. So the /var/spool line in /usr/lib/tmpfiles.d/var.conf has to be commented out.
/run and /run/lock are tmpfs already, maybe they are better softlink targets than /tmp.