diff --git a/data/80-udisks.rules b/data/80-udisks.rules
index d1351f3..720bb5f 100644
--- a/data/80-udisks.rules
+++ b/data/80-udisks.rules
@@ -223,5 +223,13 @@ ENV{ID_VENDOR}=="Sony", ENV{ID_MODEL}=="PRS*Launcher", ENV{UDISKS_PRESENTATION_H
 
 ##############################################################################################################
 
+# Additional mount options passed to udisks-daemon to allow sysamins to restrict mount to read-only or "noexec"
+# for example:
+# 
+# ENV{UDISKS_MOUNT_OPTIONS}="ro,noexec"
+#
+# or to mount all USB devices in read-only:
+# 
+# SUBSYSTEMS=="usb", ENV{UDISKS_MOUNT_OPTIONS}="ro"
 
 LABEL="udisks_end"
diff --git a/src/device-private.c b/src/device-private.c
index 22a0d35..245af6c 100644
--- a/src/device-private.c
+++ b/src/device-private.c
@@ -552,6 +552,18 @@ device_set_device_presentation_icon_name (Device *device,
 }
 
 void
+device_set_device_mount_options (Device *device,
+                                 const gchar *value)
+{
+  if (G_UNLIKELY (g_strcmp0 (device->priv->device_mount_options, value) != 0))
+    {
+      g_free (device->priv->device_mount_options);
+      device->priv->device_mount_options = g_strdup (value);
+      emit_changed (device, "device_mount_options");
+    }
+}
+
+void
 device_set_device_mounted_by_uid (Device *device,
                                   guint value)
 {
diff --git a/src/device-private.h b/src/device-private.h
index a6db7f2..3d6cda6 100644
--- a/src/device-private.h
+++ b/src/device-private.h
@@ -130,6 +130,7 @@ struct DevicePrivate
   gboolean device_presentation_nopolicy;
   char *device_presentation_name;
   char *device_presentation_icon_name;
+  char *device_mount_options;
 
   char *id_usage;
   char *id_type;
@@ -286,6 +287,8 @@ void device_set_device_presentation_hide (Device *device, gboolean value);
 void device_set_device_presentation_nopolicy (Device *device, gboolean value);
 void device_set_device_presentation_name (Device *device, const gchar *value);
 void device_set_device_presentation_icon_name (Device *device, const gchar *value);
+void device_set_device_mount_options (Device *device, const gchar *value);
+
 
 void device_set_id_usage (Device *device, const gchar *value);
 void device_set_id_type (Device *device, const gchar *value);
diff --git a/src/device.c b/src/device.c
index c4a83ff..1ff9728 100644
--- a/src/device.c
+++ b/src/device.c
@@ -214,7 +214,8 @@ enum
     PROP_DEVICE_PRESENTATION_NOPOLICY,
     PROP_DEVICE_PRESENTATION_NAME,
     PROP_DEVICE_PRESENTATION_ICON_NAME,
-
+    PROP_DEVICE_MOUNT_OPTIONS,
+    
     PROP_JOB_IN_PROGRESS,
     PROP_JOB_ID,
     PROP_JOB_INITIATED_BY_UID,
@@ -485,6 +486,9 @@ get_property (GObject *object,
     case PROP_DEVICE_PRESENTATION_ICON_NAME:
       g_value_set_string (value, device->priv->device_presentation_icon_name);
       break;
+    case PROP_DEVICE_MOUNT_OPTIONS:
+      g_value_set_string (value, device->priv->device_mount_options);
+      break;
 
     case PROP_JOB_IN_PROGRESS:
       g_value_set_boolean (value, device->priv->job_in_progress);
@@ -1117,6 +1121,13 @@ device_class_init (DeviceClass *klass)
                                                         NULL,
                                                         NULL,
                                                         G_PARAM_READABLE));
+  g_object_class_install_property (object_class,
+                                   PROP_DEVICE_MOUNT_OPTIONS,
+                                   g_param_spec_string ("device-mount-options",
+                                                        NULL,
+                                                        NULL,
+                                                        NULL,
+                                                        G_PARAM_READABLE));
 
   g_object_class_install_property (object_class, PROP_JOB_IN_PROGRESS, g_param_spec_boolean ("job-in-progress",
                                                                                              NULL,
@@ -1796,7 +1807,8 @@ device_finalize (GObject *object)
   g_ptr_array_free (device->priv->device_mount_paths, TRUE);
   g_free (device->priv->device_presentation_name);
   g_free (device->priv->device_presentation_icon_name);
-
+  g_free (device->priv->device_mount_options);
+  
   g_free (device->priv->id_usage);
   g_free (device->priv->id_type);
   g_free (device->priv->id_version);
@@ -2279,6 +2291,15 @@ diff_sorted_lists (GList *list1,
 
 /* update id_* properties */
 static gboolean
+update_mount_options (Device *device)
+{
+  device_set_device_mount_options (device, g_udev_device_get_property (device->priv->d, "UDISKS_MOUNT_OPTIONS"));
+
+  return TRUE;
+}
+
+/* update id_* properties */
+static gboolean
 update_info_presentation (Device *device)
 {
   gboolean hide;
@@ -4642,6 +4663,10 @@ update_info (Device *device)
   if (!update_info_presentation (device))
     goto out;
 
+  /* device_mount_options property */
+  if (!update_mount_options (device))
+    goto out;
+
   /* id_* properties */
   if (!update_info_id (device))
     goto out;
@@ -6308,6 +6333,11 @@ device_filesystem_mount_authorized_cb (Daemon *daemon,
 
   /* validate mount options and check for authorizations */
   s = g_string_new ("uhelper=udisks,nodev,nosuid");
+  if (device->priv->device_mount_options != NULL && strlen (device->priv->device_mount_options) > 0)
+    {
+      g_string_append_printf (s, ",%s", device->priv->device_mount_options);
+    }
+
   for (n = 0; options[n] != NULL; n++)
     {
       const char *option = options[n];