From 98c3b41bc9de43538f2ae9297f90edb7bf2d6488 Mon Sep 17 00:00:00 2001
From: pierretom <pierretom+15@ik.me>
Date: Fri, 20 Mar 2026 09:33:34 +0100
Subject: [PATCH] disable-exec: add mount points

Example case: you want to access the photos and have scripts or binaries on the same USB flash drive.
Let's set mount points not executable in disable-exec.inc.
---
 etc/inc/disable-exec.inc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/etc/inc/disable-exec.inc b/etc/inc/disable-exec.inc
index d7dcef7e7..6296d008b 100644
--- a/etc/inc/disable-exec.inc
+++ b/etc/inc/disable-exec.inc
@@ -6,6 +6,10 @@ noexec ${HOME}
 noexec ${RUNUSER}
 noexec /dev/mqueue
 noexec /dev/shm
+noexec /media
+noexec /mnt
+noexec /run/media
+noexec /run/mount
 noexec /run/shm
 noexec /tmp
 # /var is noexec by default for unprivileged users