<para>Note that whitelists defined this way should only reference device groups which are
resolvable at the time the unit is started. Any device groups not resolvable then are not added to
the device whitelist. In order to work around this limitation, consider extending service units
- with an <command>ExecStartPre=/sbin/modprobe…</command> line that loads the necessary
- kernel module implementing the device group if missing. Example: <programlisting>…
+ with a pair of <command>After=modprobe@xyz.service</command> and
+ <command>Wants=modprobe@xyz.service</command> lines that load the necessary kernel module
+ implementing the device group if missing.
+ Example: <programlisting>…
+[Unit]
+Wants=modprobe@loop.service
+After=modprobe@loop.service
+
[Service]
-ExecStartPre=-/sbin/modprobe -abq loop
DeviceAllow=block-loop
DeviceAllow=/dev/loop-control
…</programlisting></para>