As this has bitten us more than once in the past, we had to find a solution that would work for us while this issue was discussed. Adding a mount unit without noexec for /run/qemu was the obvious and most straightforward solution. We have on average at least one qemu update between reboots, so having a reliable and trackable mount unit would be the preferred solution.
But I do acknowledge that the DH acrobatics are a bit ugly. :)
As this has bitten us more than once in the past, we had to find a solution that would work for us while this issue was discussed. Adding a mount unit without noexec for /run/qemu was the obvious and most straightforward solution. We have on average at least one qemu update between reboots, so having a reliable and trackable mount unit would be the preferred solution.
But I do acknowledge that the DH acrobatics are a bit ugly. :)