diff --git a/scripts/systemd/gogs.service b/scripts/systemd/gogs.service
index d9f12e30e..3a89662a8 100644
--- a/scripts/systemd/gogs.service
+++ b/scripts/systemd/gogs.service
@@ -18,10 +18,13 @@ WorkingDirectory=/home/git/gogs
 ExecStart=/home/git/gogs/gogs web
 Restart=always
 Environment=USER=git HOME=/home/git
-# Hardening
+
+# Some distributions may not support these hardening directives. If you cannot start the service due
+# to an unknown option, comment out the ones not supported by your version of systemd.
 ProtectSystem=full
 PrivateDevices=yes
 PrivateTmp=yes
+NoNewPrivileges=true
 
 [Install]
 WantedBy=multi-user.target