Date: 2022feb23 OS: Linux Q. Linux: sandbox services with systemd A. Add an `override.conf` file for the service. I went through the man page and considered each of the (many) possible options for some services I use and understand. You can see and the files and instructions here: https://github.com/dmdmdm/systemd_overrides The overrides improved score from `systemd-analyze security <service>`. Examples: Postfix when from an a score of 7.9 (Exposed) to 2.6 (OK). Apache (httpd) when from 9.2 (Unsafe) to 2.7 (OK). Samba (smb) when from 9.6 (Unsafe) to 2.5 (OK). Other services showed similar improvements. I hope they are useful to somebody.