[Unit]
Description=Test for PrivateDev=yes

[Service]
ExecStart=/bin/sh -c 'exit $(test ! -c /dev/mem)'
Type=oneshot
PrivateDevices=yes