Index: rtkit-0.13/rtkit-daemon.service.in
===================================================================
--- rtkit-0.13.orig/rtkit-daemon.service.in
+++ rtkit-0.13/rtkit-daemon.service.in
@@ -25,6 +25,18 @@ BusName=org.freedesktop.RealtimeKit1
 NotifyAccess=main
 CapabilityBoundingSet=CAP_SYS_NICE CAP_DAC_READ_SEARCH CAP_SYS_CHROOT CAP_SETGID CAP_SETUID
 PrivateNetwork=yes
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+# end of automatic additions 
 
 [Install]
 WantedBy=multi-user.target