diff --git a/Makefile.am b/Makefile.am
index fe02765b5aeeb17d1eb2a555f6e6a910e7d02ceb..3436f6c5db4f11d2b8cf1b2f5c49dfbf6b818710 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -12,6 +12,7 @@ EXTRA_DIST = \
 etc/init.d.slurmdbd \
 etc/cgroup.conf.example \
 etc/cgroup.release_common.example \
+ etc/cgroup_allowed_devices_file.conf.example \
 autogen.sh \
 slurm.spec \
 README.rst \
diff --git a/Makefile.in b/Makefile.in
index c22b01ead29e5f921001d14c71b327179cbee368..5957ece7c467cfd186154dc520240f33a5291aab 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -379,6 +379,7 @@ EXTRA_DIST = \
 etc/init.d.slurmdbd \
 etc/cgroup.conf.example \
 etc/cgroup.release_common.example \
+ etc/cgroup_allowed_devices_file.conf.example \
 autogen.sh \
 slurm.spec \
 README.rst \
diff --git a/doc/man/man5/cgroup.conf.5 b/doc/man/man5/cgroup.conf.5
index 63878cb1b2466c7a5e8788a30d9333082c7a3956..6e086b2a50ac7635004e2edefad75166d1d2921c 100644
--- a/doc/man/man5/cgroup.conf.5
+++ b/doc/man/man5/cgroup.conf.5
@@ -136,6 +136,18 @@ If configured to "yes" then constrain the job's allowed devices based on GRES allocated resources. It uses the devices subsystem for that. The default value is "no".
+.TP
+\fBAllowedDevicesFile\fR=<path_to_allowed_devices_file>
+If the ConstrainDevices field is set to "yes" then this file has to be used to declare
+the devices that need to be allowed by default for all the jobs. The current implementation
+of cgroup devices subsystem works as a whitelist of entries, which means that in order to
+isolate the access of a job upon particular devices we need to allow the access on all
+the devices, supported by default and then deny on those that the job does not have the
+permission to use. The default value is "/etc/slurm/cgroup_allowed_devices_file.conf". The syntax of
+the file accepts one device per line and it permits lines like /dev/sda* or /dev/cpu/*/*.
+See also an example of this file in etc/allowed_devices_file.conf.example.
+
+
 .SH "EXAMPLE"
 .LP
 .br
diff --git a/etc/cgroup_allowed_devices_file.conf.example b/etc/cgroup_allowed_devices_file.conf.example
new file mode 100644
index 0000000000000000000000000000000000000000..dcd22949d7ae183d3ddf440eba58b51fba02cef1
--- /dev/null
+++ b/etc/cgroup_allowed_devices_file.conf.example
@@ -0,0 +1,6 @@
+/dev/null
+/dev/urandom
+/dev/zero
+/dev/sda*
+/dev/cpu/*/*
+/dev/pts/*
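Review bot: The entries `/dev/sda*` and `/dev/cpu/*/*` make this example whitelist broader than a default for "all the jobs" should be. A site that copies the file unchanged lets every job through the devices cgroup to a raw disk with its partitions and to the per-CPU device nodes (on Linux these are typically the cpuid and msr nodes), leaving file permissions as the only remaining barrier. `/dev/sda*` is also host-specific and will not match the system disk on nodes that use other block device names. I would ship only `/dev/null`, `/dev/urandom`, `/dev/zero` and `/dev/pts/*` here and describe the disk and CPU entries in cgroup.conf.5 as additions an administrator opts into, with the reason each is needed. The man page hunk in this commit refers readers to `etc/allowed_devices_file.conf.example`, which does not match this file's path `etc/cgroup_allowed_devices_file.conf.example`.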