use unveil(2) to limit execution to
- restarting itself
- xdg-open(1) aka. to open the web interface

Index: cmd/syncthing/main.go
--- cmd/syncthing/main.go.orig
+++ cmd/syncthing/main.go
@@ -31,6 +31,8 @@ import (
 	"text/tabwriter"
 	"time"
 
+	"golang.org/x/sys/unix"
+
 	"github.com/alecthomas/kong"
 	"github.com/gofrs/flock"
 	"github.com/thejerf/suture/v4"
@@ -213,6 +215,24 @@ func defaultVars() kong.Vars {
 func main() {
 	// Create a parser with an overridden help function to print our extra
 	// help info.
+
+	if err := unix.Unveil("/", "rwc"); err != nil {
+		panic(err)
+	}
+
+	if err := unix.Unveil("/usr/local/bin/syncthing", "rx"); err != nil {
+		panic(err)
+	}
+
+	if err := unix.Unveil("/usr/local/bin/xdg-open", "rx"); err != nil {
+		panic(err)
+	}
+
+	if err := unix.UnveilBlock(); err != nil {
+		panic(err)
+	}
+
+
 	var entrypoint CLI
 	parser, err := kong.New(
 		&entrypoint,
