PrivateTmp=yes
PrivateDevices=yes
PrivateNetwork=yes
-ReadOnlySystem=yes
-ProtectedHome=yes
+ProtectSystem=full
+ProtectHome=yes
+
+# If there are many split upjournal files we need a lot of fds to
+# access them all and combine
+LimitNOFILE=16384
[Install]
Also=systemd-journal-gatewayd.socket