diff --git a/cmd/tailscaled/tailscaled.service b/cmd/tailscaled/tailscaled.service
index 878e86341..7b847c54e 100644
--- a/cmd/tailscaled/tailscaled.service
+++ b/cmd/tailscaled/tailscaled.service
@@ -34,6 +34,8 @@ ProtectHome=true
 ProtectKernelTunables=true
 ProtectSystem=strict
 ReadWritePaths=/etc/
+ReadWritePaths=/run/
+ReadWritePaths=/var/run/
 RestrictSUIDSGID=true
 SystemCallArchitectures=native