Index: loki-2.2.1+git.1617669398.babea82e/docs/sources/clients/aws/ec2/promtail.service
===================================================================
--- loki-2.2.1+git.1617669398.babea82e.orig/docs/sources/clients/aws/ec2/promtail.service
+++ loki-2.2.1+git.1617669398.babea82e/docs/sources/clients/aws/ec2/promtail.service
@@ -1,6 +1,18 @@
 [Unit]
 Description=Promtail
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 User=root
 WorkingDirectory=/opt/promtail/
 ExecStartPre=/bin/sleep 30