# Drop-in override for a service unit (the unit it applies to is not shown
# here). It loosens the unit's sandboxing: the inherited system-call filter
# is replaced with a deny-list and five Protect*/Proc* settings are cleared.
[Service]
# An empty assignment resets the filter list, discarding every
# SystemCallFilter= entry inherited from the main unit file. It must come
# before the entries below, otherwise it would discard them as well.
SystemCallFilter=
# A leading "~" inverts the list: the named sets are denied and every other
# system call stays allowed. If the main unit used an allow-list, this is a
# weaker filter, since calls outside these two sets are now permitted.
SystemCallFilter=~@privileged
SystemCallFilter=~@resources
# Empty assignments, presumably meant to drop the values set in the main
# unit so that these protections no longer apply -- TODO confirm how the
# installed systemd version treats an empty value for these settings
# (compare `systemctl show <unit>` with and without this drop-in).
# NOTE(review): each cleared setting removes a hardening layer (/proc
# visibility, clock, hostname, kernel log). Record why it is needed and
# re-check the result with `systemd-analyze security <unit>`.
ProcSubset=
ProtectClock=
ProtectHostname=
ProtectKernelLogs=
ProtectProc=