diff --git a/dist/mastodon-sidekiq.service b/dist/mastodon-sidekiq.service
index 0bb0a800fe..e171475b56 100644
--- a/dist/mastodon-sidekiq.service
+++ b/dist/mastodon-sidekiq.service
@@ -38,7 +38,7 @@ PrivateMounts=true
 ProtectClock=true
 # System Call Filtering
 SystemCallArchitectures=native
-SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @reboot @resources @setuid @swap
+SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io @reboot @resources @setuid @swap
 
 [Install]
 WantedBy=multi-user.target
diff --git a/dist/mastodon-streaming.service b/dist/mastodon-streaming.service
index 1443ca1c88..0befc529aa 100644
--- a/dist/mastodon-streaming.service
+++ b/dist/mastodon-streaming.service
@@ -38,7 +38,7 @@ PrivateMounts=true
 ProtectClock=true
 # System Call Filtering
 SystemCallArchitectures=native
-SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @reboot @resources @setuid @swap
+SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io @reboot @resources @setuid @swap
 
 [Install]
 WantedBy=multi-user.target
diff --git a/dist/mastodon-web.service b/dist/mastodon-web.service
index 3383f33e3a..fd9e287706 100644
--- a/dist/mastodon-web.service
+++ b/dist/mastodon-web.service
@@ -38,7 +38,7 @@ PrivateMounts=true
 ProtectClock=true
 # System Call Filtering
 SystemCallArchitectures=native
-SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @reboot @resources @setuid @swap
+SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @privileged @raw-io @reboot @resources @setuid @swap
 
 [Install]
 WantedBy=multi-user.target