[Service]
ExecStart=@rootlibexecdir@/systemd-importd
BusName=org.freedesktop.import1
+CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP
+NoNewPrivileges=yes
WatchdogSec=1min
-PrivateTmp=yes
-PrivateDevices=yes
-ProtectSystem=full
-ProtectHome=yes