With systemd 235, playing "Black Mesa" in a systemd-nspawn container stopper working:
Running glxinfo gave the error
libGL error: failed to open drm device: Operation not permittedand strace showed:
open("/dev/dri/card0", O_RDWR|O_LARGEFILE|O_CLOEXEC) = -1 EPERM (Operation not permitted)The fix is to add
--property='DeviceAllow=/dev/dri/card0 rw'to the systemd-nspawn command line