---
 nvmet.service |   10 ++++++++++
 1 file changed, 10 insertions(+)

--- a/nvmet.service
+++ b/nvmet.service
@@ -5,6 +5,16 @@ After=sys-kernel-config.mount network-on
 Wants=network-online.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
 Type=oneshot
 RemainAfterExit=yes
 ExecStart=/usr/sbin/nvmetcli restore