diff --git a/objectifier-module.nix b/objectifier-module.nix
index 52e586d..66975a6 100644
--- a/objectifier-module.nix
+++ b/objectifier-module.nix
@@ -63,17 +63,18 @@ in {
 OBJECTIFIER_BUFFER_SIZE = "524288";
 OBJECTIFIER_CLEANUP_MAX_AGE = toString cfg.cleanup.max_file_age;
 OBJECTIFIER_CLEANUP_DELAY = toString cfg.cleanup.delay;
+ TMPDIR = "/tmp";
 };
 serviceConfig = {
 PrivateUsers = true;
 PrivateDevices = true;
- # PrivateTmp = true;
- # PrivateMounts = true;
- # ProtectControlGroups = true;
+ PrivateTmp = true;
+ PrivateMounts = true;
+ ProtectControlGroups = true;
 ProtectKernelTunables = true;
 ProtectKernelModules = true;
- # ProtectSystem = true;
- # ProtectHostname = true;
+ ProtectSystem = true;
+ ProtectHostname = true;
 ProtectHome = true;
 ProtectClock = true;
 ProtectKernelLogs = true;
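Review bot: `ProtectSystem = true;` is the weakest level of that option: systemd mounts only /usr and the boot loader directories read-only, which on NixOS adds little, since the store is already read-only and /etc and /var stay writable as far as file permissions allow. Consider `ProtectSystem = "strict";` together with `ReadWritePaths = [ "<service data dir>" ];` for the directory the service stores its objects in; that path is not visible in this hunk and needs confirming. The added `TMPDIR = "/tmp";` fits `PrivateTmp = true;`, but a one-line comment such as `# /tmp is the unit's private mount (PrivateTmp) and is emptied when the unit stops` would tell the next reader why it is set. The serviceConfig set continues past the end of the hunk, so running `systemd-analyze security` on the unit is the quickest way to see what exposure remains after this change.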