diff --git a/conf/systemd.service b/conf/systemd.service
index 2feee3a..01b36a3 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -17,5 +17,35 @@ ExecStart=/usr/bin/xinit /usr/bin/dbus-launch --exit-with-session /usr/bin/kodi
 Restart=on-abort
 RestartSec = 5
 
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these 
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG 
+
 [Install]
 WantedBy=multi-user.target
diff --git a/scripts/install b/scripts/install
index a6e5f51..e62b917 100644
--- a/scripts/install
+++ b/scripts/install
@@ -169,7 +169,7 @@ usermod -a -G cdrom,audio,video,plugdev,users,dialout,dip,input,netdev "$app"
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..."
 
-yunohost service add $app --log "$final_path/.kodi/temp/kodi.log" --needs_exposed_ports $port
+yunohost service add $app --description=media center --log="$final_path/.kodi/temp/kodi.log" --needs_exposed_ports=$port
 
 #=================================================
 # START SYSTEMD SERVICE
diff --git a/scripts/restore b/scripts/restore
index 5193272..c650e85 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -53,8 +53,6 @@ fi
 #=================================================
 ynh_script_progression --message="Validating restoration parameters..."
 
-ynh_webpath_available --domain=$domain --path_url=$path_url \
-	|| ynh_die --message="Path not available: ${domain}${path_url}"
 test ! -d $final_path \
 	|| ynh_die --message="There is already a directory: $final_path "
 
@@ -148,7 +146,7 @@ usermod -a -G cdrom,audio,video,plugdev,users,dialout,dip,input,netdev "$app"
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..."
 
-yunohost service add $app --description="media center" --log="$final_path/.kodi/temp/kodi.log" --needs_exposed_ports $port
+yunohost service add $app --description="media center" --log="$final_path/.kodi/temp/kodi.log" --needs_exposed_ports=$port
 
 #=================================================
 # START SYSTEMD SERVICE
diff --git a/scripts/upgrade b/scripts/upgrade
index a168fb4..7f214cd 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -150,7 +150,7 @@ usermod -a -G cdrom,audio,video,plugdev,users,dialout,dip,input,netdev "$app"
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..."
 
-yunohost service add $app --description="media center" --log="$final_path/.kodi/temp/kodi.log" --needs_exposed_ports $port
+yunohost service add $app --description="media center" --log="$final_path/.kodi/temp/kodi.log" --needs_exposed_ports=$port
 
 #=================================================
 # START SYSTEMD SERVICE