Because we live in the day and age where the new gods have taken over Linux, it’s a good idea to familiarize ourselves with their rituals. Some of them might seem strange to us, but some of them are actually very nice features. One of the features I really like about systemd is its built-in hardening capabilities.
The built-in options for hardening are quite extensive and can best be compared to something like firejail. They both have similar capabilities, but firejail focuses more on desktop applications, whereas systemd hardening applies to systemd units. The hardening options are configured in the unit’s service file, in the [Service] section.
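To show what that looks like in practice, here is an added example that is not part of the original post: a drop-in for a hypothetical unit `exampled.service`. The service name, the drop-in path and the writable state directory are assumptions; the directives themselves are standard systemd options.

```ini
# /etc/systemd/system/exampled.service.d/hardening.conf  (hypothetical path)
# Comments must sit on their own line; systemd has no inline comments.

[Service]
# The process and its children can never gain privileges via setuid/setgid
# binaries or file capabilities.
NoNewPrivileges=yes

# Mount the whole file system read-only for this unit, then re-open only
# the state directory the service has to write to (assumed location).
ProtectSystem=strict
ReadWritePaths=/var/lib/exampled

# Hide /home, /root and /run/user; give the unit its own /tmp and /var/tmp.
ProtectHome=yes
PrivateTmp=yes

# Private /dev containing only pseudo devices such as /dev/null.
PrivateDevices=yes

# Block writes to kernel tunables, module loading and the cgroup tree.
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes

# Empty value: drop every capability from the bounding set.
CapabilityBoundingSet=

# Allow only local and IP sockets; no netlink, packet or other families.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6

# seccomp allow-list using systemd's predefined group for ordinary
# services, limited to the native syscall ABI.
SystemCallFilter=@system-service
SystemCallArchitectures=native

# Refuse memory mappings that are writable and executable at once
# (breaks JIT runtimes, so test before enabling).
MemoryDenyWriteExecute=yes

# Misc: no personality() changes, no creating setuid/setgid files.
LockPersonality=yes
RestrictSUIDSGID=yes
```

After `systemctl daemon-reload` and a restart of the unit, `systemd-analyze security exampled.service` reports which of these settings are in effect. The same directives placed outside `[Service]` are not applied, so check the journal for "Unknown key name" warnings.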