Index: syncthing/etc/linux-systemd/system/syncthing@.service
===================================================================
--- syncthing.orig/etc/linux-systemd/system/syncthing@.service
+++ syncthing/etc/linux-systemd/system/syncthing@.service
@@ -16,6 +16,17 @@ RestartForceExitStatus=3 4
 # Hardening
 ProtectSystem=full
 PrivateTmp=true
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 SystemCallArchitectures=native
 MemoryDenyWriteExecute=true
 NoNewPrivileges=true