According to systemd.resource-control(5), globbing wildcards are not available for device node path specifications. The proper line should be:

DeviceAllow=char-ipmidev rw

However, adding such a line alone does not work. I also had to comment out:

PrivateDevices=true

Johannes, is PrivateDevices=false required when DeviceAllow is used?