diff --git a/scripts/systemd/falcoctl-artifact-follow.service b/scripts/systemd/falcoctl-artifact-follow.service
index 1fe73980..0089e84a 100644
--- a/scripts/systemd/falcoctl-artifact-follow.service
+++ b/scripts/systemd/falcoctl-artifact-follow.service
@@ -14,6 +14,7 @@ Restart=on-failure
 PrivateTmp=true
 NoNewPrivileges=yes
 ProtectSystem=true
+ReadWriteDirectories=/usr/share/falco
 ProtectKernelTunables=true
 RestrictRealtime=true