diff --git a/meson.build b/meson.build
index f41a811e2e1d2..6a474afdac33a 100644
--- a/meson.build
+++ b/meson.build
@@ -857,10 +857,13 @@ conf.set_quoted('SYSTEMD_DEFAULT_LOCALE', default_locale)
 
 localegen_path = get_option('localegen-path')
 have = false
+writable = ''
 if localegen_path != ''
         conf.set_quoted('LOCALEGEN_PATH', localegen_path)
         have = true
+        writable = ' /usr/lib/locale'
 endif
+substs.set('SERVICE_LOCALEGEN_WRITABLE', writable)
 conf.set10('HAVE_LOCALEGEN', have)
 
 conf.set_quoted('GETTEXT_PACKAGE', meson.project_name())
diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in
index 652b956a34095..e60a173591118 100644
--- a/units/systemd-localed.service.in
+++ b/units/systemd-localed.service.in
@@ -33,7 +33,7 @@ ProtectKernelLogs=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 ProtectSystem=strict
-ReadWritePaths=/etc
+ReadWritePaths=/etc@SERVICE_LOCALEGEN_WRITABLE@
 RestrictAddressFamilies=AF_UNIX
 RestrictNamespaces=yes
 RestrictRealtime=yes