diff --git a/README.md b/README.md
index 4d2dc9b..360eb74 100644
--- a/README.md
+++ b/README.md
@@ -5,6 +5,9 @@ clipmenu is a simple clipboard manager using [dmenu][] and [xsel][].
 Start `clipmenud`, then run `clipmenu` to select something to put on the
 clipboard.
 
+A systemd user service for starting clipmenud is included at
+[init/clipmenud.service](https://github.com/cdown/clipmenu/blob/develop/init/clipmenud.service).
+
 All args passed to clipmenu are transparently dispatched to dmenu. That is, if
 you usually call dmenu with args to set colours and other properties, you can
 invoke clipmenu in exactly the same way to get the same effect, like so:
diff --git a/init/clipmenud.service b/init/clipmenud.service
new file mode 100644
index 0000000..029ad0c
--- /dev/null
+++ b/init/clipmenud.service
@@ -0,0 +1,31 @@
+[Unit]
+Description=Clipmenu daemon
+
+[Service]
+ExecStart=/usr/bin/clipmenud
+Restart=always
+RestartSec=0
+Environment=DISPLAY=:0
+
+SystemCallFilter=@basic-io @default @io-event @ipc @network-io @process \
+                 brk fadvise64 getegid geteuid getgid getgroups getpgrp \
+                 getpid getppid getrlimit getuid ioctl mprotect rt_sigaction \
+                 rt_sigprocmask setitimer setsid sysinfo umask uname wait4
+
+# @file-system will handle this once v233 is released, see
+# http://bit.ly/2l1r8Ah for more details.
+SystemCallFilter=access chdir close faccessat fcntl fstat getcwd mkdir mmap \
+                 munmap open stat statfs unlink
+
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+ProtectControlGroups=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=
+RestrictRealtime=yes
+
+ProtectSystem=strict
+ReadWritePaths=/tmp
+
+[Install]
+WantedBy=default.target