Several new tunables for better system security and protection landed in systemd Git overnight. The systemd-udevd.service unit is also now run in a seccomp-based sandbox to prohibit any network access…
Source: Phoronix – Systemd Adds New “ProtectSystem Strict” Option, Other New Tunables