diff --git a/polkadot/scripts/packaging/polkadot.service b/polkadot/scripts/packaging/polkadot.service
index 7fb549c97f8b9ee439e960d1ff233aff8a6bd514..8c5a483d4243e2a921a40a4b8a9b872efdbdaeb5 100644
--- a/polkadot/scripts/packaging/polkadot.service
+++ b/polkadot/scripts/packaging/polkadot.service
@@ -25,12 +25,13 @@ ProtectKernelTunables=true
 ProtectSystem=strict
 RemoveIPC=true
 RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
-RestrictNamespaces=true
+RestrictNamespaces=false
 RestrictSUIDSGID=true
 SystemCallArchitectures=native
 SystemCallFilter=@system-service
-SystemCallFilter=landlock_add_rule landlock_create_ruleset landlock_restrict_self seccomp
-SystemCallFilter=~@clock @module @mount @reboot @swap @privileged
+SystemCallFilter=landlock_add_rule landlock_create_ruleset landlock_restrict_self seccomp mount umount2
+SystemCallFilter=~@clock @module @reboot @swap @privileged
+SystemCallFilter=pivot_root
 UMask=0027
 
 [Install]
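Review bot: `RestrictNamespaces=false` lifts the restriction for every namespace type, which is broader than the `mount`/`umount2`/`pivot_root` additions in this hunk appear to need. systemd accepts a space-separated allow-list here, so the line could name only the types the service actually unshares, for example `RestrictNamespaces=user mnt` if those two are sufficient (the diff does not show which are required). The position of `SystemCallFilter=pivot_root` also matters: it seems to sit after the `~... @privileged` line because `@privileged` contains `pivot_root`, so a later reordering would silently drop it again. A comment above it would guard against that, such as `# must follow the deny line: pivot_root is part of @privileged`. A second comment stating why mount-related syscalls and namespaces are allowed in an otherwise hardened unit would help the next reviewer.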