Comment # 1 on bug 1207654 from Wolfgang Frisch

Since there was an older SR [1] from the security team still in flight, I
decided to implemented the changes myself [2]. I also went through the
suggested systemd hardenings and kept only those that don't interfere with the
elevated capabilities required by the capture plugins.

The new SR adds a new system user, drops all root privileges and incorporates
some of jsegitz' automated systemd hardenings, e.g. disable access to /home. I
tested basic WiFi capture functionality, which still works with the new
restrictions in place.

[1] https://build.opensuse.org/request/show/1046457
[2] https://build.opensuse.org/request/show/1063492