diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in
index d8a2a45b4..9cda6c2bb 100644
--- a/contrib/unbound.service.in
+++ b/contrib/unbound.service.in
@@ -63,7 +63,7 @@ ProtectHome=true
 ProtectControlGroups=true
 ProtectKernelModules=true
 ProtectSystem=strict
-RuntimeDirectory=unbound
+RuntimeDirectory=@UNBOUND_RUN_DIR@
 ConfigurationDirectory=unbound
 StateDirectory=unbound
 RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
@@ -73,7 +73,7 @@ SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete
 RestrictNamespaces=yes
 LockPersonality=yes
 RestrictSUIDSGID=yes
-ReadWritePaths=@UNBOUND_RUN_DIR@ @UNBOUND_CHROOT_DIR@ @UNBOUND_ROOTKEY_FILE@
+ReadWritePaths=@UNBOUND_CHROOT_DIR@ @UNBOUND_ROOTKEY_FILE@
 
 # Below rules are needed when chroot is enabled (usually it's enabled by default).
 # If chroot is disabled like chroot: "" then they may be safely removed.