Hello. These are basically just copy/pasted (with minor tweaks for Makefile) from my own override file running on two systems. Since I put in the work writing and testing these options/settings, I figured I’d share them and possibly have them upstreamed if deemed acceptable. [PATCH 1] tightens the unit down a good deal, which may be too much for some people’s systems. E.g., the ReadWritePaths path is the pacman.conf default, which is a fairly easy one to edit. If people run setups they use paccache.service with multiple pacman caches, they probably need to edit the .service file anyway, at with point they can also edit the ReadWritePaths to match their setup. [PATCH 2] basically just deprioritises that paccache process as much as possible. I split that out since it’s not hardening and it might not be something that would be wanted across all systems. Not sure what systems would have this be an important service that should not be as undisruptive as possible, but 🤷. -- Solidarity, Frederik “Freso” S. Olesen <https://freso.dk/>