[Unit]
Description=Saikyo Antivirus Agent (report generator)

[Service]
Type=oneshot
ExecStart=/usr/sbin/saikyo-avd
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=strict
ProtectHome=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictSUIDSGID=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
ReadWritePaths=/var/lib/saikyo-av/reports