diff --git a/pkg/prebuild/prepare.go b/pkg/prebuild/prepare.go index 20c9d9be8..23f862350 100644 --- a/pkg/prebuild/prepare.go +++ b/pkg/prebuild/prepare.go @@ -200,6 +200,11 @@ func SetFullSystemPolicy() error { return err } + // Set systemd unit drop-in files + if err := copyTo(paths.New("systemd/full/"), Root.Join("systemd")); err != nil { + return err + } + logging.Success("Configure AppArmor for full system policy") return nil } diff --git a/systemd/full/system/ModemManager.service b/systemd/full/system/ModemManager.service new file mode 100644 index 000000000..03d352890 --- /dev/null +++ b/systemd/full/system/ModemManager.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/system/e2scrub_reap.service b/systemd/full/system/e2scrub_reap.service new file mode 100644 index 000000000..03d352890 --- /dev/null +++ b/systemd/full/system/e2scrub_reap.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/system/fwupd-refresh.service b/systemd/full/system/fwupd-refresh.service new file mode 100644 index 000000000..b11945a16 --- /dev/null +++ b/systemd/full/system/fwupd-refresh.service @@ -0,0 +1,3 @@ +[Service] +ProtectKernelModules=no +RestrictRealtime=no \ No newline at end of file diff --git a/systemd/full/system/irqbalance.service b/systemd/full/system/irqbalance.service new file mode 100644 index 000000000..03d352890 --- /dev/null +++ b/systemd/full/system/irqbalance.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/system/rngd.service b/systemd/full/system/rngd.service new file mode 100644 index 000000000..03d352890 --- /dev/null +++ b/systemd/full/system/rngd.service @@ -0,0 +1,2 @@ +[Service] +NoNewPrivileges=no \ No newline at end of file diff --git a/systemd/full/system/systemd-homed.service b/systemd/full/system/systemd-homed.service new file mode 100644 index 000000000..03d352890 
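Review bot: The comment `// Set systemd unit drop-in files` does not say that what is being installed relaxes upstream sandboxing (`NoNewPrivileges=no`, `ProtectClock=no`, `ProtectKernelModules=no`, `RestrictRealtime=no`), and SetFullSystemPolicy is the one place a reader would look for the justification. Presumably this is because the no_new_privs flag blocks AppArmor profile transitions on exec, which a full-system policy depends on; if so, record it: `// Install systemd drop-ins that relax NoNewPrivileges= (and related sandboxing) for confined services: no_new_privs blocks AppArmor profile transitions on exec.` The files under systemd/full/system are named `<unit>.service` but contain only partial `[Service]` sections, so they are correct only if copyTo or a later install step places them under `<unit>.service.d/`; installed verbatim as `<unit>.service` they would shadow the vendor unit with a stub lacking ExecStart=, and that mapping is not visible in this hunk. SetFullSystemPolicy begins outside the hunk.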
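Review bot: `ProtectKernelModules=no` and `RestrictRealtime=no` in fwupd-refresh.service are unexplained, and they relax a different set of controls than the `NoNewPrivileges=no` drop-ins around them: per systemd.exec(5) the first re-exposes kernel module loading (CAP_SYS_MODULE, /usr/lib/modules, the module syscalls) and the second re-allows realtime scheduling requests. fwupd-refresh only refreshes firmware metadata, so a reader cannot tell which denial or transition failure under the full-system policy forces this, nor whether both lines are needed. Record it in the file, which accepts `#` comments: `# Relaxed because <observed failure> under the full system AppArmor policy; NoNewPrivileges alone was not sufficient`, and drop whichever of the two is not actually required.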
--- /dev/null
+++ b/systemd/full/system/systemd-homed.service
@@ -0,0 +1,2 @@
+[Service]
+NoNewPrivileges=no
\ No newline at end of file
diff --git a/systemd/full/system/systemd-hostnamed.service b/systemd/full/system/systemd-hostnamed.service
new file mode 100644
index 000000000..03d352890
--- /dev/null
+++ b/systemd/full/system/systemd-hostnamed.service
@@ -0,0 +1,2 @@
+[Service]
+NoNewPrivileges=no
\ No newline at end of file
diff --git a/systemd/full/system/systemd-journald.service b/systemd/full/system/systemd-journald.service
new file mode 100644
index 000000000..0316a67c8
--- /dev/null
+++ b/systemd/full/system/systemd-journald.service
@@ -0,0 +1,3 @@
+[Service]
+NoNewPrivileges=no
+ProtectClock=no
\ No newline at end of file
diff --git a/systemd/full/system/systemd-localed.service b/systemd/full/system/systemd-localed.service
new file mode 100644
index 000000000..03d352890
--- /dev/null
+++ b/systemd/full/system/systemd-localed.service
@@ -0,0 +1,2 @@
+[Service]
+NoNewPrivileges=no
\ No newline at end of file
diff --git a/systemd/full/system/systemd-logind.service b/systemd/full/system/systemd-logind.service
new file mode 100644
index 000000000..0316a67c8
--- /dev/null
+++ b/systemd/full/system/systemd-logind.service
@@ -0,0 +1,3 @@
+[Service]
+NoNewPrivileges=no
+ProtectClock=no
\ No newline at end of file
diff --git a/systemd/full/system/systemd-timedated.service b/systemd/full/system/systemd-timedated.service
new file mode 100644
index 000000000..03d352890
--- /dev/null
+++ b/systemd/full/system/systemd-timedated.service
@@ -0,0 +1,2 @@
+[Service]
+NoNewPrivileges=no
\ No newline at end of file
diff --git a/systemd/full/system/systemd-userdbd.service b/systemd/full/system/systemd-userdbd.service
new file mode 100644
index 000000000..03d352890
--- /dev/null
+++ b/systemd/full/system/systemd-userdbd.service
@@ -0,0 +1,2 @@
+[Service]
+NoNewPrivileges=no
\ No newline at end of file
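Review bot: `ProtectClock=no` in systemd-journald.service (and identically in systemd-logind.service) relaxes considerably more than the `NoNewPrivileges=no` line above it, and nothing records why: per systemd.exec(5), ProtectClock=yes removes CAP_SYS_TIME and CAP_WAKE_ALARM from the bounding set, filters the clock-setting syscalls and adds a read-only DeviceAllow for the RTC, and turning it off hands all of that back to a log daemon that has no reason to set the system clock. If this only works around a denial or failed transition under the full-system policy, name it in the file, e.g. `# ProtectClock=yes fails under the full system policy (<observed denial>); NoNewPrivileges=no alone was not enough`. Consider also keeping `CapabilityBoundingSet=~CAP_SYS_TIME CAP_WAKE_ALARM` in the drop-in so only the part that actually conflicts is relaxed — whether that suffices is not determinable from this diff.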
diff --git a/systemd/full/system/upower.service b/systemd/full/system/upower.service
new file mode 100644
index 000000000..03d352890
--- /dev/null
+++ b/systemd/full/system/upower.service
@@ -0,0 +1,2 @@
+[Service]
+NoNewPrivileges=no
\ No newline at end of file
diff --git a/systemd/full/system/user@.service b/systemd/full/system/user@.service
new file mode 100644
index 000000000..05023d01d
--- /dev/null
+++ b/systemd/full/system/user@.service
@@ -0,0 +1,3 @@
+# TODO: works as intended on server, does not work on desktop
+# [Service]
+# AppArmorProfile=systemd-user
\ No newline at end of file
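Review bot: user@.service ships a drop-in whose every line is commented out, so installing it has no effect, while the TODO does not say what "does not work on desktop" means (a failed transition into `systemd-user`, denials inside the user manager, a broken graphical session?) — the next person to try `AppArmorProfile=systemd-user` has nothing to go on. Either keep the file out of the install set until it works, or expand the TODO into a sentence naming the observed failure and the environment (display manager, session type) it was seen in. Since user@.service is a template, a drop-in under `user@.service.d/` would confine every user's manager — and, presumably by inheritance, every user service it starts — under the single `systemd-user` profile; if that is the intent, state it next to the setting.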