# systemd-nspawn settings (.nspawn) for a Kodi container that uses the host's
# video, input and audio hardware directly.
# NOTE(review): with the [Exec] settings below the container is a packaging
# convenience, not a security boundary. Treat anything running inside it as
# trusted to the same degree as root on the host.

[Exec]
# No user namespace: UIDs inside the container are the same UIDs on the host,
# so container root acts as host root on every path and device bound below.
PrivateUsers=no
# Retains every capability instead of nspawn's reduced default set.
# NOTE(review): narrowing this to the capabilities Kodi actually needs is
# worth testing; the required set is not visible from this file.
Capability=all
# Adds these syscall groups to nspawn's allow list. @known covers every
# syscall known to the installed systemd version, so the filter blocks almost
# nothing and the other three groups are effectively redundant.
SystemCallFilter=@default @raw-io @system-service @known

[Files]
# binds host kodi home folder into nspawn (read-write)
Bind=/var/lib/kodi
# device access
# Bind= mounts are read-write. Together with PrivateUsers=no and
# Capability=all, the container gets the same access to these nodes as host
# root: USB devices, GPU, input events, IR receiver and the first two virtual
# consoles.
Bind=/dev/bus/usb
Bind=/dev/dri
Bind=/dev/input
Bind=/dev/lirc0
Bind=/dev/tty0
Bind=/dev/tty1
Bind=/dev/vga_arbiter
# NOTE(review): the host's kernel module tree is mounted read-write. If the
# container only needs to read module files, BindReadOnly= would keep it from
# modifying them - confirm before changing.
Bind=/lib/modules
# PulseAudio on the host needs to be started in system mode with the
# following module and option:
# load-module module-native-protocol auth-authorize-anonymous
# NOTE(review): PulseAudio normally spells this
# "module-native-protocol-unix auth-anonymous=1" - verify against the host's
# system.pa. Anonymous auth lets any process that can reach the socket use
# the audio server, so keep /run/pulse reachable only by what needs it.
BindReadOnly=/run/pulse