--- zzzz-none-000/linux-5.15.111/fs/namespace.c 2023-05-11 14:00:40.000000000 +0000
+++ puma7-arm-6670-761/linux-5.15.111/fs/namespace.c 2024-02-07 09:28:05.000000000 +0000
@@ -7,6 +7,10 @@
 * Based on code from fs/super.c, copyright Linus Torvalds and others.
 * Heavily rewritten.
 */
+/*
+ * Includes Intel Corporation's changes dated: 2019.
+ * Changed portions - Copyright 2019, Intel Corporation.
+ */
 #include
 #include
@@ -3232,6 +3236,10 @@
 return data ? strndup_user(data, PATH_MAX) : NULL;
 }
+#ifdef CONFIG_INTEL_MOUNT_EXEC_DISABLED
+int mount_exec_disabled = 0;
+#endif
+
 /*
 * Flags is a 32-bit value that allows up to 31 non-fs dependent flags to
 * be given to the mount() call (ie: read-only, no-dev, no-suid etc).
@@ -3280,6 +3288,12 @@
 mnt_flags |= MNT_NOSUID;
 if (flags & MS_NODEV)
 mnt_flags |= MNT_NODEV;
+#ifdef CONFIG_INTEL_MOUNT_EXEC_DISABLED
+ if (!(flags & MS_NOEXEC) && mount_exec_disabled)
+ {
+ return -EPERM;
+ }
+#endif
 if (flags & MS_NOEXEC)
 mnt_flags |= MNT_NOEXEC;
 if (flags & MS_NOATIME)
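Review bot: `mount_exec_disabled`, added in the second hunk, is a plain writable global with external linkage and no comment, and nothing in this diff shows who sets it or whether it can be cleared again once set. Because it gates a security policy, the definition should carry a comment naming the setter and stating that the switch is one-way, if that is the intent. If it is only written during boot, `int mount_exec_disabled __ro_after_init;` would make that enforceable. The explicit `= 0` is redundant for a file-scope variable and kernel style omits it. The matching `extern` declaration is not visible here and belongs in a shared header, not in each user.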
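Review bot: The `mount_exec_disabled` test added in the third hunk only guards the legacy mount(2) flag parsing. The fsmount() and mount_setattr() entry points in this same file take `MOUNT_ATTR_*` attributes instead of `MS_*` flags, and this diff adds no matching check there, so the no-exec policy looks incomplete on 5.15. Consider enforcing it where `MNT_NOEXEC` is finally applied to the mount, or repeating the test against `MOUNT_ATTR_NOEXEC` in those paths. If the surrounding code matches mainline, the check also runs before the remount/bind/move dispatch, so move and propagation-only requests without `MS_NOEXEC` will get `-EPERM` too, which is worth confirming as intended. The enclosing function starts and ends outside the hunk, and kernel style would drop the braces around the single `return -EPERM;`.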