Harden Linux services using the systemd unit setting PrivateDevices, to restrict access to files in /dev and limit those to common pseudo-devices.
Devices
Articles about Devices
Harden system and user services on Linux by restricting systemd units to access devices in the /dev directory with the unit setting DevicePolicy.
Restrict systemd units to access devices in the /dev directory with the unit setting DeviceAllow. Learn how to configure it for your services.