TemporaryFileSystem=/ can be used to limit the file system to just some 
necessary paths, set by BindReadOnlyPaths/BindPaths, depending on what the 
service needs. This does not mount /proc and /sys.

There are some [Service] settings regarding /proc, such as ProtectProc, 
ProtectKernelTunables, ProtectControlGroups and ProcSubset, which re-introduce 
/proc. My question is whether their most protective functions are active just 
because /proc is not present. If so, systemd-analyze security could be improved 
by recognizing that /proc isn't available.

Examples:
ProtectProc=invisible
ProtectKernelTunables=true
ProtectControlGroups=true
ProcSubset=pid

On another note, ProtectHostname=true seems to cause a systemd error in a 
limited file system.

Any insights are appreciated.

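As an added illustration of the check the post suggests (this is not code from the post, from systemd, or from systemd-analyze): a small Python script that parses a unit's [Service] section, and, when TemporaryFileSystem=/ is set and no BindPaths=/BindReadOnlyPaths= entry puts /proc back, lists the /proc-related settings so they can be verified. It encodes the post's hypothesis about the missing mount, not systemd's actual namespace logic, so every finding is a prompt to confirm on a real host; the unit text is constructed for the example.

```python
"""Constructed mini-checker for the /proc question above.

Added example; not part of the original post, of systemd, or of
systemd-analyze. It only reflects the post's hypothesis (TemporaryFileSystem=/
leaves /proc unmounted unless something binds it back), not systemd internals.
"""
from __future__ import annotations

# Settings the post names as acting on /proc, in the post's order.
PROC_SETTINGS = ("ProtectProc", "ProtectKernelTunables", "ProtectControlGroups", "ProcSubset")


def parse_unit(text: str) -> dict[str, list[tuple[str, str]]]:
    """Parse unit INI text into {section: [(key, value), ...]}.

    Repeated keys are kept in order (BindReadOnlyPaths= may appear many times)
    and a trailing backslash joins the next line, as systemd allows.
    """
    sections: dict[str, list[tuple[str, str]]] = {}
    current = None
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#;":
            continue
        if line.endswith("\\"):
            pending = line[:-1] + " "
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current].append((key.strip(), value.strip()))
    return sections


def _paths(value: str, has_dest: bool) -> list[str]:
    """Destination paths named by one space-separated setting value.

    TemporaryFileSystem= items are "path[:options]" (has_dest=False);
    BindPaths=/BindReadOnlyPaths= items are "src[:dest[:options]]" (has_dest=True).
    """
    out = []
    for item in value.split():
        parts = item.lstrip("-").split(":")  # leading "-": ignore a missing source
        dest = parts[1] if has_dest and len(parts) > 1 and parts[1] else parts[0]
        out.append(dest.lstrip("+").rstrip("/") or "/")  # "+": relative to RootDirectory=
    return out


def service_settings(unit: dict[str, list[tuple[str, str]]]) -> dict[str, list[str]]:
    """Collect [Service] values per key; an empty assignment resets the key."""
    result: dict[str, list[str]] = {}
    for key, value in unit.get("Service", []):
        if value == "":
            result[key] = []
        else:
            result.setdefault(key, []).append(value)
    return result


def _is_true(value: str) -> bool:
    return value.lower() in ("1", "yes", "true", "on")


def analyze(text: str) -> list[str]:
    """Return findings for a unit whose tmpfs root has no /proc bound in."""
    svc = service_settings(parse_unit(text))
    tmpfs_root = any("/" in _paths(v, False) for v in svc.get("TemporaryFileSystem", []))
    bound: set[str] = set()
    for key in ("BindPaths", "BindReadOnlyPaths"):
        for v in svc.get(key, []):
            bound.update(_paths(v, True))
    # Only a bind of /proc itself counts; a bind below it does not put procfs there.
    if not tmpfs_root or "/proc" in bound:
        return []
    findings = ["TemporaryFileSystem=/ with no BindPaths=/BindReadOnlyPaths= entry for "
                "/proc: /proc is not mounted in the service's namespace"]
    for key in PROC_SETTINGS:
        if svc.get(key):
            findings.append(f"{key}={svc[key][-1]}: set, but /proc is absent; "
                            "verify whether the setting is actually in effect")
    hostname = svc.get("ProtectHostname")
    if hostname and _is_true(hostname[-1]):
        findings.append("ProtectHostname=true with TemporaryFileSystem=/: the post above "
                        "reports a systemd error for this combination")
    return findings


# Constructed unit, not a real service; mirrors the settings listed in the post.
SAMPLE_UNIT = """\
[Unit]
Description=constructed example service

[Service]
ExecStart=/usr/bin/example-daemon
TemporaryFileSystem=/:ro
BindReadOnlyPaths=/usr \\
    /etc/example.conf
BindReadOnlyPaths=-/etc/ssl/certs
BindPaths=/var/lib/example
ProtectProc=invisible
ProtectKernelTunables=true
ProtectControlGroups=true
ProcSubset=pid
ProtectHostname=true
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE_UNIT):
        print(finding)
```

To confirm what the script only infers, run the same properties through a transient unit (for example `systemd-run --wait --pipe -p TemporaryFileSystem=/ -p BindReadOnlyPaths=... <cmd>`) and list /proc from inside the service.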