diff --git a/deploy/files/usr/local/libexec/left4me/left4me-script-sandbox b/deploy/files/usr/local/libexec/left4me/left4me-script-sandbox
index d317b5b..bbbf496 100755
--- a/deploy/files/usr/local/libexec/left4me/left4me-script-sandbox
+++ b/deploy/files/usr/local/libexec/left4me/left4me-script-sandbox
@@ -7,12 +7,16 @@
 #   <script_path>  absolute path to a bash file already written by the web app;
 #                  bind-mounted read-only at /script.sh inside the sandbox.
 #
-# The script runs under bubblewrap inside a transient systemd scope so we get
-# cgroup-v2 limits (memory / tasks / cpu) and a wallclock kill via
-# RuntimeMaxSec. The sandbox drops to the unprivileged l4d2-sandbox UID;
-# host filesystems are exposed read-only except /overlay (rw) and tmpfs
-# /tmp + /run. Network namespace is *not* unshared — scripts must reach the
-# public internet to download workshop / l4d2center / cedapug content.
+# The script runs as a transient systemd .service with the full hardening
+# surface: cgroup limits + walltime kill, NoNewPrivileges, ProtectSystem,
+# ProtectHome, kernel-tunable / -module / -log protection, namespace
+# restriction, address-family restriction, capability bounding (empty),
+# seccomp filter (@system-service @network-io), MemoryDenyWriteExecute,
+# LockPersonality, RestrictSUIDSGID. Network namespace is *not* restricted —
+# scripts must reach the public internet to download workshop / l4d2center
+# / cedapug content. PID namespace is shared with the host (no
+# PrivatePID= directive in systemd); host PIDs are visible via /proc but
+# not signal-able due to UID mismatch.
 set -euo pipefail
 
 [[ $# -eq 2 ]] || { echo "usage: $0 <overlay_id> <script>" >&2; exit 64; }
@@ -33,33 +37,31 @@ fi
 # Make sure the sandbox UID owns the overlay dir so the script can write there.
 # Idempotent: a no-op when the dir is already l4d2-sandbox-owned (re-run case),
 # and corrects the ownership the first time the dir was created by the web app
-# under the left4me UID. Group-readable so the gameserver process (left4me)
+# under the left4me UID. World-readable so the gameserver process (left4me)
 # can read the overlay contents via the kernel-overlayfs lowerdir at runtime.
 chown -R l4d2-sandbox:l4d2-sandbox "$OVERLAY_DIR"
 chmod 0755 "$OVERLAY_DIR"
 
-# UID/GID drop happens via systemd-run --uid/--gid before bwrap is invoked.
-# bwrap then runs unprivileged as l4d2-sandbox; --unshare-user-try gives it
-# the user-namespace context it needs for bind-mounts as a regular user.
-exec systemd-run --quiet --scope --collect \
-    --uid=l4d2-sandbox --gid=l4d2-sandbox \
+exec systemd-run --quiet --collect --wait --pipe \
+    --unit="left4me-script-${OVERLAY_ID}-$$" \
+    -p User=l4d2-sandbox -p Group=l4d2-sandbox \
+    -p NoNewPrivileges=yes \
+    -p ProtectSystem=strict -p ProtectHome=yes \
+    -p PrivateTmp=yes -p PrivateDevices=yes -p PrivateIPC=yes \
+    -p ProtectKernelTunables=yes -p ProtectKernelModules=yes \
+    -p ProtectKernelLogs=yes -p ProtectControlGroups=yes \
+    -p RestrictNamespaces=yes \
+    -p RestrictAddressFamilies="AF_INET AF_INET6 AF_UNIX" \
+    -p RestrictSUIDSGID=yes -p LockPersonality=yes \
+    -p MemoryDenyWriteExecute=yes \
+    -p SystemCallFilter="@system-service @network-io" \
+    -p SystemCallArchitectures=native \
+    -p CapabilityBoundingSet= -p AmbientCapabilities= \
+    -p TemporaryFileSystem="/etc /var/lib" \
+    -p BindReadOnlyPaths="/etc/resolv.conf /etc/ssl /etc/ca-certificates /etc/nsswitch.conf /etc/alternatives ${SCRIPT}:/script.sh" \
+    -p BindPaths="${OVERLAY_DIR}:/overlay" \
+    -p WorkingDirectory=/overlay \
+    -p Environment="HOME=/tmp PATH=/usr/bin:/usr/sbin OVERLAY=/overlay" \
     -p MemoryMax=4G -p MemorySwapMax=0 -p TasksMax=512 \
     -p CPUQuota=200% -p RuntimeMaxSec=3600 \
-    -- bwrap \
-        --die-with-parent --new-session \
-        --unshare-user-try \
-        --unshare-pid --unshare-ipc --unshare-uts --unshare-cgroup \
-        --proc /proc --dev /dev --tmpfs /tmp --tmpfs /run \
-        --ro-bind /usr /usr --ro-bind /lib /lib --ro-bind /lib64 /lib64 \
-        --symlink usr/bin /bin --symlink usr/sbin /sbin \
-        --ro-bind /etc/resolv.conf /etc/resolv.conf \
-        --ro-bind /etc/ssl /etc/ssl \
-        --ro-bind /etc/ca-certificates /etc/ca-certificates \
-        --ro-bind /etc/nsswitch.conf /etc/nsswitch.conf \
-        --ro-bind /etc/alternatives /etc/alternatives \
-        --bind "$OVERLAY_DIR" /overlay \
-        --chdir /overlay \
-        --setenv HOME /tmp --setenv PATH /usr/bin:/usr/sbin \
-        --setenv OVERLAY /overlay \
-        --ro-bind "$SCRIPT" /script.sh \
-        /bin/bash /script.sh
+    -- /bin/bash /script.sh
diff --git a/deploy/tests/test_deploy_artifacts.py b/deploy/tests/test_deploy_artifacts.py
index 83f3104..53aeb27 100644
--- a/deploy/tests/test_deploy_artifacts.py
+++ b/deploy/tests/test_deploy_artifacts.py
@@ -321,22 +321,67 @@ def test_script_sandbox_helper_passes_shell_syntax_check():
     subprocess.run(["bash", "-n", str(SCRIPT_SANDBOX_HELPER)], check=True)
 
 
-def test_script_sandbox_helper_invokes_systemd_run_and_bwrap():
+def test_script_sandbox_helper_invokes_systemd_run_with_hardening():
     text = SCRIPT_SANDBOX_HELPER.read_text()
+
+    # systemd-run service mode (no --scope), with synchronous I/O to caller.
     assert "systemd-run" in text
-    assert "--scope" in text
+    assert "--scope" not in text, "v2 uses transient service units, not scopes"
+    assert "--pipe" in text
+    assert "--wait" in text
     assert "--collect" in text
+    assert "--unit=" in text
+
+    # No bwrap.
+    assert "bwrap" not in text
+    assert "bubblewrap" not in text
+
+    # UID drop via systemd directives.
+    assert "User=l4d2-sandbox" in text
+    assert "Group=l4d2-sandbox" in text
+
+    # Cgroup limits unchanged from v1.
     assert "MemoryMax=4G" in text
-    assert "RuntimeMaxSec=3600" in text
+    assert "MemorySwapMax=0" in text
     assert "TasksMax=512" in text
-    assert "bwrap" in text
-    assert "--unshare-pid" in text
-    assert "--unshare-net" not in text, "scripts must keep host network access"
-    # UID drop happens at systemd-run, not inside bwrap (modern bwrap requires
-    # --unshare-user for --uid; doing the drop earlier keeps file ownership
-    # straight on the host bind-mount).
-    assert "--uid=l4d2-sandbox" in text
-    assert "--gid=l4d2-sandbox" in text
+    assert "CPUQuota=200%" in text
+    assert "RuntimeMaxSec=3600" in text
+
+    # Hardening directives that v1 (scope mode) couldn't carry.
+    assert "NoNewPrivileges=yes" in text
+    assert "ProtectSystem=strict" in text
+    assert "ProtectHome=yes" in text
+    assert "PrivateTmp=yes" in text
+    assert "PrivateDevices=yes" in text
+    assert "PrivateIPC=yes" in text
+    assert "ProtectKernelTunables=yes" in text
+    assert "ProtectKernelModules=yes" in text
+    assert "ProtectKernelLogs=yes" in text
+    assert "ProtectControlGroups=yes" in text
+    assert "RestrictNamespaces=yes" in text
+    assert "RestrictSUIDSGID=yes" in text
+    assert "LockPersonality=yes" in text
+    assert "MemoryDenyWriteExecute=yes" in text
+    assert "SystemCallFilter=" in text
+    assert "@system-service" in text
+    assert "@network-io" in text
+    assert "CapabilityBoundingSet=" in text
+    assert "AmbientCapabilities=" in text
+    assert 'RestrictAddressFamilies="AF_INET AF_INET6 AF_UNIX"' in text
+
+    # Network namespace stays shared with host.
+    assert "PrivateNetwork=" not in text
+
+    # Mount setup: /etc and /var/lib masked with tmpfs; selective binds back.
+    assert 'TemporaryFileSystem="/etc /var/lib"' in text
+    assert "BindReadOnlyPaths=" in text
+    assert "/etc/resolv.conf" in text
+    assert "/etc/ssl" in text
+    assert "/etc/ca-certificates" in text
+    assert "/etc/nsswitch.conf" in text
+    assert "/etc/alternatives" in text
+    assert "${SCRIPT}:/script.sh" in text
+    assert 'BindPaths="${OVERLAY_DIR}:/overlay"' in text
 
 
 def test_script_sandbox_helper_validates_overlay_id():