diff --git a/conf/systemd.service b/conf/systemd.service
index b26c0df..f2c1d98 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -32,7 +32,8 @@ ProtectKernelModules=yes
 ProtectKernelTunables=yes
 LockPersonality=yes
 SystemCallArchitectures=native
-SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
+# We need to allow priviledged to enable chromium access to gpu
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation
 
 # Denying access to capabilities that should not be relevant for webapps
 # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
diff --git a/scripts/upgrade b/scripts/upgrade
index 14e7d60..2d95ecb 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -104,7 +104,11 @@ complete_install=false
 # Check if we need to clean up old bad installs
 if [ -f "$final_path/package.json" ]; then
 complete_install=true
- ynh_secure_remove --file="$final_path/*"
+ ynh_secure_remove --file="$final_path"
+ mkdir "$final_path"
+ chmod 750 "$final_path"
+ chmod -R o-rwx "$final_path"
+ chown -R $app:$app "$final_path"
 fi
 
 #=================================================
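Review bot: Dropping `@privileged` from the deny-list on the new `SystemCallFilter=` line in conf/systemd.service re-allows the whole group, not only the calls Chromium's GPU path uses. The groups still listed (`@clock`, `@module`, `@reboot`, `@setuid`, `@swap`) stay denied, but as far as the seccomp filter goes the rest of `@privileged` becomes reachable from the service; `systemd-analyze syscall-filter @privileged` shows what that covers. It would be tighter to keep `@privileged` denied and add a second, allow-style line after it naming only the calls that are needed, e.g. `SystemCallFilter=<syscalls-chromium-needs>` (placeholder), since a later allow-style line removes just those calls from the denied set. The added comment should also name those calls and fix the spelling, along the lines of `# Chromium needs <syscalls> for GPU access, so they are re-allowed below`.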
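Review bot: In scripts/upgrade the recreated `$final_path` starts with the umask default mode and the owner of whoever runs the script (presumably root), and is only tightened afterwards by three separate commands; `$app:$app` in the `chown` is also unquoted. The directory is empty right after `mkdir`, so the `-R` passes change nothing beyond the directory itself. The four lines added after `ynh_secure_remove` can be one call that sets mode and owner in a single step: `install -d -m 750 -o "$app" -g "$app" "$final_path"`. If the script does not run in an abort-on-error mode (not visible in this hunk), a failed `mkdir` would pass unnoticed and the later install steps would write into a missing or half-prepared directory.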