[Unit]
Description=Add nosuid and noexec to /dev and /dev/hugepages

[Service]
ExecStart=mount -o remount,nosuid,noexec /dev
ExecStart=mount -o remount,nosuid,noexec /dev/hugepages
Type=oneshot
RemainAfterExit=yes

[Install]
WantedBy=sysinit.target