Suggestion: Hardening the service file #236
Description
You could add the below to the SystemD unit file for startup for extra security:
[Service]
PrivateTmp=yes
PrivateUsers=yes
ProtectSystem=true
NoNewPrivileges=True
I've tested these on my own system and they don't conflict for me.