diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 05d2c71..d0bc121 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1975,7 +1975,8 @@ static int register_machine(pid_t pid, int local_ifindex) {
 local_ifindex > 0 ? 1 : 0, local_ifindex);
 } else {
 _cleanup_bus_message_unref_ sd_bus_message *m = NULL;
- char **i;
+ char **i, **j;
+ struct stat source_st;
 r = sd_bus_message_new_method_call(
 bus,
@@ -2042,6 +2043,26 @@ static int register_machine(pid_t pid, int local_ifindex) {
 if (r < 0)
 return log_error_errno(r, "Failed to add device whitelist: %m");
+ STRV_FOREACH_PAIR(i, j, arg_bind) {
+ if (stat(*i, &source_st) < 0)
+ return log_error_errno(errno, "Failed to stat %s: %m", *i);
+ if (S_ISBLK(source_st.st_mode)) {
+ r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 1, *i, "rw");
+ if (r < 0)
+ return log_error_errno(r, "Failed to append message arguments: %m");
+ }
+ }
+
+ STRV_FOREACH_PAIR(i, j, arg_bind_ro) {
+ if (stat(*i, &source_st) < 0)
+ return log_error_errno(errno, "Failed to stat %s: %m", *i);
+ if (S_ISBLK(source_st.st_mode)) {
+ r = sd_bus_message_append(m, "(sv)", "DeviceAllow", "a(ss)", 1, *i, "r");
+ if (r < 0)
+ return log_error_errno(r, "Failed to append message arguments: %m");
+ }
+ }
+
 STRV_FOREACH(i, arg_property) {
 r = sd_bus_message_open_container(m, 'r', "sv");
 if (r < 0)
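Review bot: In the second hunk, both added loops test the bind source with `stat()` but then send the path string `*i` in `DeviceAllow`, so the rule is not tied to the device node that was actually checked. `stat()` follows symlinks, and the receiver of the message presumably resolves the path again later, so the allowed node is only the tested one if the path stays stable. Since this silently widens the container's device policy as a side effect of `--bind`, it deserves a comment above the first loop, e.g. `/* Bind sources are operator-supplied and assumed stable; a block device source implicitly gains a DeviceAllow rule (rw for --bind, r for --bind-ro) */`. Only `S_ISBLK` is handled, so a bind-mounted character device gets no rule, and a `stat()` failure on any bind source now aborts machine registration entirely. The two loops differ only in the array and the access string and could share one static helper; `register_machine` begins and ends outside this hunk.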