Comment 8 for bug 1153781

If you look at the FSMountOptions structure

 http://cgit.freedesktop.org/udisks/tree/src/device.c?id=1.0.2#n5843

then there are two arrays: defaults and allow. I think it would make sense to control both on a per-device basis via udev via, say. UDISKS_MOUNT_OPTIONS and UDISKS_MOUNT_OPTIONS_ALLOW. The former would be appended to the existing mount options (as you suggest) and the latter would be replacing it (to allow complete lockdown).

Then your use case will be just setting

 UDISKS_MOUNT_OPTIONS="ro,noexec"

Regarding the patch: I don't think we need to expose this a D-Bus property. Also, the patch should also include a modification to the udisks(7) man page.