diff --git a/etc/permission-hardener.d/25_default_whitelist_mount.conf b/etc/permission-hardener.d/25_default_whitelist_mount.conf
index 08965b8..c0a4f96 100644
--- a/etc/permission-hardener.d/25_default_whitelist_mount.conf
+++ b/etc/permission-hardener.d/25_default_whitelist_mount.conf
@@ -10,8 +10,12 @@
 ## SUID will be removed below in separate step.
 /bin/mount exactwhitelist
 /usr/bin/mount exactwhitelist
+/bin/umount exactwhitelist
+/usr/bin/umount exactwhitelist
 
 ## Remove SUID from 'mount' but keep executable.
 ## https://forums.whonix.org/t/disable-suid-binaries/7706/61
 /bin/mount 755 root root
 /usr/bin/mount 755 root root
+/bin/umount 755 root root
+/usr/bin/umount 755 root root