diff --git a/conf/bookwyrm-server.service b/conf/bookwyrm-server.service
index ad31bf8..3be1160 100644
--- a/conf/bookwyrm-server.service
+++ b/conf/bookwyrm-server.service
@@ -15,7 +15,7 @@ ProtectSystem=strict
 ProtectHome=tmpfs
 #InaccessiblePaths=-/media -/mnt -/srv
 PrivateTmp=yes
-TemporaryFileSystem=/var /run
+#TemporaryFileSystem=/var /run
 #PrivateUsers=true
 PrivateDevices=true
 BindReadOnlyPaths=__INSTALL_DIR__
diff --git a/conf/bookwyrm-worker.service b/conf/bookwyrm-worker.service
index 135c633..f3e9a12 100644
--- a/conf/bookwyrm-worker.service
+++ b/conf/bookwyrm-worker.service
@@ -32,12 +32,6 @@ ProtectControlGroups=true
 RestrictRealtime=true
 RestrictNamespaces=net
 
-NoNewPrivileges=yes
-RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
-DevicePolicy=closed
-ProtectProc=invisible
-SystemCallArchitectures=native
-#SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
 
 # Denying access to capabilities that should not be relevant for webapps
 # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html