diff --git a/manifests/swh/deploy/worker/instance.pp b/manifests/swh/deploy/worker/instance.pp
--- a/manifests/swh/deploy/worker/instance.pp
+++ b/manifests/swh/deploy/worker/instance.pp
@@ -9,7 +9,8 @@
   $loglevel = 'info',
   $max_tasks_per_child = 5,
   $instance_name = $title,
-  $limit_no_file = 'None')
+  $limit_no_file = 'None',
+  $private_tmp = 'None')
 {
   include ::profile::swh::deploy::worker::base
   include ::systemd
diff --git a/manifests/swh/deploy/worker/swh_loader_mercurial.pp b/manifests/swh/deploy/worker/swh_loader_mercurial.pp
--- a/manifests/swh/deploy/worker/swh_loader_mercurial.pp
+++ b/manifests/swh/deploy/worker/swh_loader_mercurial.pp
@@ -14,7 +14,6 @@
 
   $service_name = 'swh_loader_mercurial'
 
-
   $packages = ['python3-swh.loader.mercurial']
 
   package {$packages:
@@ -29,6 +28,7 @@
     task_broker  => $task_broker,
     task_modules => $task_modules,
     task_queues  => $task_queues,
+    private_tmp  => true,
     require      => [
       File[$config_file],
     ],
diff --git a/manifests/swh/deploy/worker/swh_loader_svn.pp b/manifests/swh/deploy/worker/swh_loader_svn.pp
--- a/manifests/swh/deploy/worker/swh_loader_svn.pp
+++ b/manifests/swh/deploy/worker/swh_loader_svn.pp
@@ -25,6 +25,7 @@
     task_modules  => $task_modules,
     task_queues   => $task_queues,
     limit_no_file => $limit_no_file,
+    private_tmp   => true,
     require       => [
       Package[$packages],
       File[$config_file],
diff --git a/templates/swh/deploy/worker/parameters.conf.erb b/templates/swh/deploy/worker/parameters.conf.erb
--- a/templates/swh/deploy/worker/parameters.conf.erb
+++ b/templates/swh/deploy/worker/parameters.conf.erb
@@ -8,3 +8,6 @@
 <% if @limit_no_file != 'None' %>
 LimitNOFILE=<%= @limit_no_file %>
 <% end %>
+<% if @private_tmp != 'None' %>
+TmpPrivate=<%= @private_tmp %>
+<% end %>