Index: fwupd-1.6.2/data/motd/fwupd-refresh.service.in =================================================================== --- fwupd-1.6.2.orig/data/motd/fwupd-refresh.service.in +++ fwupd-1.6.2/data/motd/fwupd-refresh.service.in @@ -13,5 +13,13 @@ SystemCallFilter=~@mount ProtectKernelModules=yes ProtectControlGroups=yes RestrictRealtime=yes +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelLogs=true +# end of automatic additions SuccessExitStatus=2 ExecStart=@bindir@/fwupdmgr refresh