diff --git a/contrib/packaging/bootloader-update.service b/contrib/packaging/bootloader-update.service
index 065f1730..5b6f487c 100644
--- a/contrib/packaging/bootloader-update.service
+++ b/contrib/packaging/bootloader-update.service
@@ -6,6 +6,10 @@ Documentation=https://github.com/coreos/bootupd
 Type=oneshot
 ExecStart=/usr/bin/bootupctl update
 RemainAfterExit=yes
+# Keep this stuff in sync with SYSTEMD_ARGS_BOOTUPD in general
+PrivateNetwork=yes
+ProtectHome=yes
+KillMode=mixed
 MountFlags=slave
 
 [Install]
diff --git a/src/cli/bootupctl.rs b/src/cli/bootupctl.rs
index 44cd56e2..8b42237c 100644
--- a/src/cli/bootupctl.rs
+++ b/src/cli/bootupctl.rs
@@ -6,20 +6,17 @@ use log::LevelFilter;
 use std::os::unix::process::CommandExt;
 use std::process::{Command, Stdio};
 
-static SYSTEMD_ARGS_BOOTUPD: &[&str] = &[
- "--unit",
- "bootupd",
- "--property",
+static SYSTEMD_ARGS_BOOTUPD: &[&str] = &["--unit", "bootupd", "--pipe"];
+
+/// Keep these properties (isolation/runtime state) in sync with
+/// the systemd units in contrib/packaging/*.service
+static SYSTEMD_PROPERTIES: &[&str] = &[
 "PrivateNetwork=yes",
- "--property",
 "ProtectHome=yes",
 // While only our main process during update catches SIGTERM, we don't
 // want systemd to send it to other processes.
- "--property",
 "KillMode=mixed",
- "--property",
 "MountFlags=slave",
- "--pipe",
 ];
 
 /// `bootupctl` sub-commands.
@@ -171,6 +168,11 @@ fn ensure_running_in_systemd() -> Result<()> {
 .wait()?;
 let r = Command::new("systemd-run")
 .args(SYSTEMD_ARGS_BOOTUPD)
+ .args(
+ SYSTEMD_PROPERTIES
+ .into_iter()
+ .flat_map(|&v| ["--property", v]),
+ )
 .args(std::env::args())
 .exec();
 // If we got here, it's always an error
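Review bot: The comment added in contrib/packaging/bootloader-update.service points at `SYSTEMD_ARGS_BOOTUPD`, but after this commit that constant holds only `--unit`, `bootupd` and `--pipe`; the isolation properties now live in `SYSTEMD_PROPERTIES` in src/cli/bootupctl.rs. A maintainer following the comment would compare against the wrong list and could miss a sandboxing setting that was added or removed on the Rust side. Suggest `# Keep these properties in sync with SYSTEMD_PROPERTIES in src/cli/bootupctl.rs`.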
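Review bot: Nothing enforces the sync that the new doc comment on `SYSTEMD_PROPERTIES` (first hunk of src/cli/bootupctl.rs) asks for, so the `systemd-run` path and the packaged unit can drift apart and run with different isolation (`PrivateNetwork`, `ProtectHome`) without anyone noticing. A small unit test that reads the unit file and checks that each entry is present would turn the comment into a check. The sketch below covers bootloader-update.service only; any other unit under contrib/packaging that the comment has in mind would need the same assertion. Whether the file already has a test module is not visible from this hunk.

```rust
#[test]
fn unit_file_carries_systemd_properties() {
    // Path is relative to src/cli/bootupctl.rs.
    let unit = include_str!("../../contrib/packaging/bootloader-update.service");
    for prop in SYSTEMD_PROPERTIES {
        assert!(
            unit.lines().any(|line| line.trim() == *prop),
            "{} missing from bootloader-update.service",
            prop
        );
    }
}
```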
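Review bot: In the second hunk of src/cli/bootupctl.rs, `SYSTEMD_PROPERTIES.into_iter()` is called on a `&[&str]`, so it iterates by reference exactly as `.iter()` would; clippy reports this as `into_iter_on_ref`, and `.iter()` states the intent without suggesting the slice is consumed. Suggest `SYSTEMD_PROPERTIES.iter().flat_map(|&v| ["--property", v])`. The values are compile-time constants, so pairing each with `--property` this way does not open an argument-injection path. The body of `ensure_running_in_systemd` starts and ends outside the hunk.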