Ubuntu 22.04 /boot should be mounted with mount option noexec. /boot /etc/fstab ^[\s]*(?!#)[\S]+[\s]+/boot[\s]+[\S]+[\s]+([\S]+) 1 noexec 1 noexec