(re-)mount home [and other?] with noexec (and nosuid [among other useful mount options]) for better security?

These two things must not run together.

Dec 29 04:17:12 debian-buster-test remount-secure[410]: mount -o nosuid,nodev --bind /tmp /tmp

Dec 29 04:17:12 debian-buster-test permission-hardening[413]: /usr/lib/security-misc/permission-hardening: line 255: cannot create temp file for here-document: No such file or directory
Dec 29 04:17:12 debian-buster-test permission-hardening[413]: ERROR: cannot parse line: /usr/bin/sudo exactwhitelist

Can cause issues such as this:

How can a systemd unit run alone, without any others being executed at the very same time?
