--- examples/chronyd.service.orig
+++ examples/chronyd.service
@@ -18,6 +18,15 @@ ExecStartPost=@CHRONY_HELPER@ update-dae
 PrivateTmp=yes
 ProtectHome=yes
 ProtectSystem=full
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectHostname=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+DeviceAllow=char-rtc
+DeviceAllow=char-ptp
+# end of automatic additions 
 
 [Install]
 WantedBy=multi-user.target