1 files changed, 11 insertions, 0 deletions
diff --git a/etc/inc/disable-exec.inc b/etc/inc/disable-exec.inc
new file mode 100644
index 000000000..ee3391730
--- /dev/null
+++ b/etc/inc/disable-exec.inc
@@ -0,0 +1,11 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include disable-exec.local
+noexec ${HOME}
+noexec ${RUNUSER}
+noexec /dev/shm
+noexec /tmp
+# /var is noexec by default for unprivileged users
+# except there is a writable-var option, so just in case:
+noexec /var

diff --git a/etc/inc/disable-exec.inc b/etc/inc/disable-exec.inc new file mode 100644 index 000000000..ee3391730 --- /dev/null +++ b/etc/inc/disable-exec.inc
@@ -0,0 +1,11 @@
	1	# This file is overwritten during software install.
	2	# Persistent customizations should go in a .local file.
	3	include disable-exec.local
	4
	5	noexec ${HOME}
	6	noexec ${RUNUSER}
	7	noexec /dev/shm
	8	noexec /tmp
	9	# /var is noexec by default for unprivileged users
	10	# except there is a writable-var option, so just in case:
	11	noexec /var