weird, I can't get this to work at all. The settings PrivateDevices=false DevicePolicy=closed DeviceAllow=char-ipmidev rw result in all devices being available to the service. I'll need to dig deeper