Index: tvheadend-4.2.8/rpm/tvheadend.service
===================================================================
--- tvheadend-4.2.8.orig/rpm/tvheadend.service
+++ tvheadend-4.2.8/rpm/tvheadend.service
@@ -3,6 +3,17 @@ Description=Tvheadend - a TV streaming s
 After=network.target auditd.service
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 EnvironmentFile=/etc/sysconfig/tvheadend
 ExecStart=/usr/bin/tvheadend -f -p /run/tvheadend.pid $OPTIONS
 PIDFile=/run/tvheadend.pid