diff --git a/exec_borg.sh b/exec_borg.sh
index 3d1048c..d58ada3 100755
--- a/exec_borg.sh
+++ b/exec_borg.sh
@@ -22,11 +22,11 @@ exec systemd-run --quiet --collect --unit=temp-borg-init-sandbox.service \
 	--pipe < /etc/borg/$NAME/borg_passphrase \
 	--working-directory=/tmp \
 	-p "ConfigurationDirectory=borg/$NAME" \
-	-p "CacheDirectory=borg/$NAME" \
 	-p "ConfigurationDirectoryMode=550" \
+	-p "CacheDirectory=borg/$NAME" \
 	-p "CacheDirectoryMode=550" \
 	-p "PrivateTmp=yes" \
-	-p "ReadOnlyDirectories=/" \
+	-p "ReadOnlyPaths=/ /etc/borg/$NAME" \
 	-p "ReadWritePaths=/root/.ssh/known_hosts" \
 	-p "EnvironmentFile=/etc/borg/$NAME/config.env" \
 	--setenv=BORG_PASSPHRASE_FD=0 \