diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in
index 16c905cdd6252..e02584ff24795 100644
--- a/support-files/mariadb.service.in
+++ b/support-files/mariadb.service.in
@@ -59,6 +59,9 @@ ProtectSystem=full
 # Doesn't yet work properly with SELinux enabled
 # NoNewPrivileges=true
 
+# Restrict modifications of cgroups from the MariaDB service context.
+ProtectControlGroups=true
+
 # Prevent accessing /home, /root and /run/user
 ProtectHome=true
 
diff --git a/support-files/mariadb@.service.in b/support-files/mariadb@.service.in
index 3fd37c38862cb..5f16821835cf7 100644
--- a/support-files/mariadb@.service.in
+++ b/support-files/mariadb@.service.in
@@ -190,6 +190,9 @@ ProtectSystem=full
 # (https://github.com/systemd/systemd/issues/3845)
 # NoNewPrivileges=true
 
+# Restrict modifications of cgroups from the MariaDB service context.
+ProtectControlGroups=true
+
 # Prevent accessing /home, /root and /run/user
 ProtectHome=true