From 31ea9c89d49d16b912cd7c1f241f83402eb8c626 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 23 Jul 2019 13:11:09 +0200
Subject: [PATCH] nspawn: explicitly load units beforehand so that DeviceAllow=
 syntax works

Yuck, but I don't see any prettier solution.

Fixes: #13130
---
 units/systemd-nspawn@.service.in | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in
index c3194d4f21d..2473a730b47 100644
--- a/units/systemd-nspawn@.service.in
+++ b/units/systemd-nspawn@.service.in
@@ -16,6 +16,8 @@ After=network.target systemd-resolved.service
 RequiresMountsFor=/var/lib/machines
 
 [Service]
+# Make sure the DeviceAllow= lines below can properly resolve the 'block-loop' expression (and others)
+ExecStartPre=-/sbin/modprobe -abq tun loop dm-mod
 ExecStart=@bindir@/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth -U --settings=override --machine=%i
 KillMode=mixed
 Type=notify