diff --git a/plinth/modules/storage/data/lib/systemd/system/freedombox-udiskie.service b/plinth/modules/storage/data/lib/systemd/system/freedombox-udiskie.service
index a905d999c..99dfb5f69 100644
--- a/plinth/modules/storage/data/lib/systemd/system/freedombox-udiskie.service
+++ b/plinth/modules/storage/data/lib/systemd/system/freedombox-udiskie.service
@@ -21,6 +21,18 @@ Documentation=man:udiskie(1)
 
 [Service]
 ExecStart=/usr/bin/udiskie
+LockPersonality=yes
+PrivateTmp=yes
+PrivateUsers=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=full
+RestrictAddressFamilies=AF_UNIX
+RestrictRealtime=yes
+SystemCallArchitectures=native
 
 [Install]
 WantedBy=multi-user.target