[Unit] Description=Test for PrivateDev=yes [Service] ExecStart=/bin/sh -c 'exit $(test ! -c /dev/mem)' Type=oneshot PrivateDevices=yes