{{{ oval_metadata("ensure tmp.mount services has noexec option configured.") }}} /usr/lib/systemd/system/tmp.mount ^[\s]*Options=.*noexec.*$ 1