It has been my first successful weeks developing Docker containers using dockerd along with its plugins, and recently I found some problems after automating the daemon.
I tried to manipulate dockerd as a systemd unit, which loads system-wide as root from /usr/lib/systemd/system/*, but I'm suffering from the problems stated next:
- I want to run docker-daemon.service and containerd under the specific user "docker", but I'm unsure how to set scope/slice capabilities.
- I don't know how unit socket files function, whether it's an actual Unix socket or a file descriptor, or what its file-visibility isolation purpose is.
- Once the daemon starts, X11 won't load again, and neither does APT, since the service daemon alters /tmp permissions in some way. I've set /tmp to rw,exec,suid without success.
- I don't really follow systemd security completely, so these options (LockPersonality, NoNewPrivileges, RestrictNamespaces, etc.) are commented out.
My sole interest is to understand whether SYSCAPS or the previously cited safety options on service units are capable of rendering the daemon and /tmp permissions usable.
Here are my actual working files.
docker-daemon.service
[Unit]
Description=Docker Daemon Service
Requires=docker-daemon.socket
ConditionUser=root
[Service]
Type=notify
Environment="DOCKER_TMPDIR=/tmp"
Environment="DOCKER_OPTS='--data-root /tmp/doc --dns 127.0.0.1 --log-level info --experimental -H unix://'"
#ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2376 --containerd=/run/containerd/containerd.sock
Environment="PATH=/opt/boot/docker/:/sbin/:$PATH"
ExecStart=/opt/boot/docker/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
#LockPersonality=yes
#MemoryDenyWriteExecute=yes
#NoNewPrivileges=no
Restart=on-failure
#RestrictNamespaces=no
#SystemCallArchitectures=native
#SystemCallFilter=@system-service
TimeoutSec=20
RestartSec=5
UMask=0077
Slice=session.slice
[Install]
Also=docker-daemon.socket
WantedBy=default.target
docker-daemon.socket
[Unit]
Description=Dockerd Daemon socket
ConditionUser=root
[Socket]
Priority=6
Backlog=5
ListenStream=%t/docker/docker
[Install]
WantedBy=sockets.target
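A socket-activated pair with the same two-unit structure as the files above, as an added example that is not part of the original question, showing how the socket unit hands the already-bound listening socket to dockerd (`-H fd://`), where the flags currently placed in the unused DOCKER_OPTS variable belong (only a subset of them is carried over), and which of the commented-out sandboxing directives a container runtime can tolerate. The binary path is the one from the question; the socket path, the `docker` group and `containerd.service` are assumptions.

```ini
# --- /etc/systemd/system/docker-daemon.service (added example) ---
[Unit]
Description=Docker Daemon Service (socket-activated)
Requires=docker-daemon.socket
After=docker-daemon.socket containerd.service
Wants=containerd.service

[Service]
Type=notify
# dockerd does not read DOCKER_OPTS; flags go on the command line (or in
# /etc/docker/daemon.json). "-H fd://" makes dockerd take the listening
# socket that systemd passes in via LISTEN_FDS instead of creating
# /var/run/docker.sock itself.
ExecStart=/opt/boot/docker/dockerd -H fd:// --dns 127.0.0.1 --log-level info \
          --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
Restart=on-failure
RestartSec=5
TimeoutStartSec=0
# Delegate=yes is what a container runtime needs from cgroups: the service
# may manage its own cgroup subtree (the "scope/slice" question). No User=
# is set: non-rootless dockerd has to run as root; a "docker" user would
# need rootless mode, which is not a slice or capability setting.
Delegate=yes
KillMode=process
TasksMax=infinity
LimitNOFILE=infinity
# Sandboxing that dockerd tolerates:
LockPersonality=yes
SystemCallArchitectures=native
# Sandboxing that breaks a container runtime and therefore stays off:
#   NoNewPrivileges=yes   - inherited by every container process, so setuid
#                           binaries inside containers stop working
#   RestrictNamespaces=yes - dockerd/runc must create mount, pid, net ... namespaces
#   SystemCallFilter=@system-service - lacks @mount at least, which containers need
#   PrivateTmp=yes        - gives the daemon its own /tmp, so a host-path bind
#                           mount of /tmp/... is not the /tmp the user sees

[Install]
WantedBy=multi-user.target
Also=docker-daemon.socket

# --- /etc/systemd/system/docker-daemon.socket (added example) ---
[Unit]
Description=Docker API socket

[Socket]
ListenStream=/run/docker.sock
# The socket mode is the API's only access control: anyone who can write to
# it can start a privileged container, i.e. is root-equivalent on the host.
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
```

After installing both files, `systemctl enable --now docker-daemon.socket` is enough; the service starts on the first API connection, and `systemd-analyze security docker-daemon.service` reports which sandboxing directives are still in effect.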