diff --git a/e2fsprogs.changes b/e2fsprogs.changes
index 4d79f49..e12418a 100644
--- a/e2fsprogs.changes
+++ b/e2fsprogs.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Tue Sep 14 07:03:07 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+  * harden_e2scrub@.service.patch
+  * harden_e2scrub_all.service.patch
+  * harden_e2scrub_fail@.service.patch
+  * harden_e2scrub_reap.service.patch
+
 -------------------------------------------------------------------
 Mon Aug  2 20:47:09 UTC 2021 - Jan Kara <jack@suse.cz>
 
diff --git a/e2fsprogs.spec b/e2fsprogs.spec
index 7aefcf2..a640da7 100644
--- a/e2fsprogs.spec
+++ b/e2fsprogs.spec
@@ -89,6 +89,10 @@ Source5:        https://thunk.org/tytso/tytso-key.asc#/%{name}.keyring
 Patch3:         libcom_err-compile_et_permissions.patch
 Patch4:         e2fsprogs-1.42-implicit_fortify_decl.patch
 Patch5:         e2fsprogs-1.42-ext2fsh_implicit.patch
+Patch6:	harden_e2scrub@.service.patch
+Patch7:	harden_e2scrub_all.service.patch
+Patch8:	harden_e2scrub_fail@.service.patch
+Patch9:	harden_e2scrub_reap.service.patch
 # Do not suppress make commands
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
@@ -253,6 +257,10 @@ Development files for the com_err error message display library. Static librarie
 %patch4
 %patch5
 cp %{SOURCE2} .
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
 
 %build
 %global _lto_cflags %{_lto_cflags} -ffat-lto-objects
diff --git a/harden_e2scrub@.service.patch b/harden_e2scrub@.service.patch
new file mode 100644
index 0000000..5a4c82c
--- /dev/null
+++ b/harden_e2scrub@.service.patch
@@ -0,0 +1,21 @@
+Index: e2fsprogs-1.46.3/scrub/e2scrub@.service.in
+===================================================================
+--- e2fsprogs-1.46.3.orig/scrub/e2scrub@.service.in
++++ e2fsprogs-1.46.3/scrub/e2scrub@.service.in
+@@ -10,6 +10,16 @@ PrivateNetwork=true
+ ProtectSystem=true
+ ProtectHome=read-only
+ PrivateTmp=yes
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++ProtectHostname=true
++ProtectClock=true
++ProtectKernelTunables=true
++ProtectKernelModules=true
++ProtectKernelLogs=true
++ProtectControlGroups=true
++RestrictRealtime=true
++# end of automatic additions 
+ AmbientCapabilities=CAP_SYS_ADMIN CAP_SYS_RAWIO
+ NoNewPrivileges=yes
+ User=root
diff --git a/harden_e2scrub_all.service.patch b/harden_e2scrub_all.service.patch
new file mode 100644
index 0000000..fbcd365
--- /dev/null
+++ b/harden_e2scrub_all.service.patch
@@ -0,0 +1,23 @@
+Index: e2fsprogs-1.46.3/scrub/e2scrub_all.service.in
+===================================================================
+--- e2fsprogs-1.46.3.orig/scrub/e2scrub_all.service.in
++++ e2fsprogs-1.46.3/scrub/e2scrub_all.service.in
+@@ -6,6 +6,18 @@ ConditionCapability=CAP_SYS_RAWIO
+ Documentation=man:e2scrub_all(8)
+ 
+ [Service]
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++ProtectSystem=full
++ProtectHome=true
++ProtectHostname=true
++ProtectClock=true
++ProtectKernelTunables=true
++ProtectKernelModules=true
++ProtectKernelLogs=true
++ProtectControlGroups=true
++RestrictRealtime=true
++# end of automatic additions 
+ Type=oneshot
+ Environment=SERVICE_MODE=1
+ ExecStart=@root_sbindir@/e2scrub_all
diff --git a/harden_e2scrub_fail@.service.patch b/harden_e2scrub_fail@.service.patch
new file mode 100644
index 0000000..d8c2d2d
--- /dev/null
+++ b/harden_e2scrub_fail@.service.patch
@@ -0,0 +1,23 @@
+Index: e2fsprogs-1.46.3/scrub/e2scrub_fail@.service.in
+===================================================================
+--- e2fsprogs-1.46.3.orig/scrub/e2scrub_fail@.service.in
++++ e2fsprogs-1.46.3/scrub/e2scrub_fail@.service.in
+@@ -3,6 +3,18 @@ Description=Online ext4 Metadata Check F
+ Documentation=man:e2scrub(8)
+ 
+ [Service]
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++ProtectSystem=full
++ProtectHome=true
++ProtectHostname=true
++ProtectClock=true
++ProtectKernelTunables=true
++ProtectKernelModules=true
++ProtectKernelLogs=true
++ProtectControlGroups=true
++RestrictRealtime=true
++# end of automatic additions 
+ Type=oneshot
+ ExecStart=@pkglibdir@/e2scrub_fail "%I"
+ User=mail
diff --git a/harden_e2scrub_reap.service.patch b/harden_e2scrub_reap.service.patch
new file mode 100644
index 0000000..8491e15
--- /dev/null
+++ b/harden_e2scrub_reap.service.patch
@@ -0,0 +1,21 @@
+Index: e2fsprogs-1.46.3/scrub/e2scrub_reap.service.in
+===================================================================
+--- e2fsprogs-1.46.3.orig/scrub/e2scrub_reap.service.in
++++ e2fsprogs-1.46.3/scrub/e2scrub_reap.service.in
+@@ -11,6 +11,16 @@ PrivateNetwork=true
+ ProtectSystem=true
+ ProtectHome=read-only
+ PrivateTmp=yes
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++ProtectHostname=true
++ProtectClock=true
++ProtectKernelTunables=true
++ProtectKernelModules=true
++ProtectKernelLogs=true
++ProtectControlGroups=true
++RestrictRealtime=true
++# end of automatic additions 
+ AmbientCapabilities=CAP_SYS_ADMIN CAP_SYS_RAWIO
+ NoNewPrivileges=yes
+ User=root