[Service]
ExecStart=@rootlibexecdir@/systemd-journal-gatewayd
+User=systemd-journal-gateway
+Group=systemd-journal-gateway
+SupplementaryGroups=systemd-journal
+PrivateTmp=yes
+PrivateDevices=yes
+PrivateNetwork=yes
+ProtectSystem=full
+ProtectHome=yes
[Install]
Also=systemd-journal-gatewayd.socket