diff --git a/lib/systemd/system/lastore-daemon.service b/lib/systemd/system/lastore-daemon.service
index 16c229360..0e0d98c3d 100644
--- a/lib/systemd/system/lastore-daemon.service
+++ b/lib/systemd/system/lastore-daemon.service
@@ -10,7 +10,8 @@ After=display-manager.service
 # PrivateDevices=true is not set because grub-mkconfig is executed when creating backup deployment.
 # PrivateTmp=true is not set because it relies on /tmp to record state.
 # ProtectHome=true is not set because sudo is needed to connect to the user Session Bus and send DDE message notifications.
-# ProtectKernelModules=true is not set because kernel packages need to be installed
+# ProtectKernelModules=true is not set because kernel packages need to be installed.
+# ProtectKernelTunables=true is not set because some packages may need to set kernel parameters during package operations.
 # ProtectProc=true is not set because it needs to access caller process environment variables.
 # ProtectSystem=strict is not set because dpkg needs to be called to upgrade the system.
 # RestrictSUIDSGID=true is not set because some packages may need to set SUID and SGID during installation.
@@ -22,7 +23,6 @@ ExecStart=/usr/libexec/lastore-daemon/lastore-daemon
 NoNewPrivileges=true
 PrivateIPC=true
 ProtectClock=true
-ProtectKernelTunables=true
 RuntimeDirectory=lastore
 RuntimeDirectoryMode=0750
 StandardError=null