[Service]
SupplementaryGroups=docker
ReadWritePaths=/var/run/docker.sock