diff --git a/debian/control b/debian/control
index dfe6cc0..6ddb85b 100644
--- a/debian/control
+++ b/debian/control
@@ -15,7 +15,7 @@ Standards-Version: 4.3.0
 Package: security-misc
 Architecture: all
 Depends: python, libglib2.0-bin, libpam-runtime, sudo, adduser,
- apparmor-profile-anondist, ${misc:Depends}
+ apparmor-profile-anondist, helper-scripts, ${misc:Depends}
 Replaces: tcp-timestamps-disable
 Description: enhances misc security settings
 Inspired by Kernel Self Protection Project (KSPP)
diff --git a/usr/lib/security-misc/remount-secure b/usr/lib/security-misc/remount-secure
index 6756592..86fabf4 100755
--- a/usr/lib/security-misc/remount-secure
+++ b/usr/lib/security-misc/remount-secure
@@ -8,6 +8,7 @@
 ## https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707
+set -x
 set -e
 if [ -f /usr/lib/helper-scripts/pre.bsh ]; then
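Review bot: The added `set -x` sits before `set -e` with no guard, so every command of remount-secure, including the expanded `mount` invocations, is traced to stderr on every run; this reads like leftover debugging rather than an intended change. If tracing is wanted, make it opt-in, e.g. `[ "${REMOUNT_SECURE_DEBUG:-}" = "1" ] && set -x` (variable name is a constructed example), or drop the line, and in either case add a one-line comment stating why it is there. The debian/control hunk on this line only adds the helper-scripts dependency that the new `str_replace` call relies on and needs no change.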
@@ -37,90 +38,69 @@ fi
 exit_code=0
-_home() {
- funcname_sanatized="$(echo "$FUNCNAME" | str_replace "_" "/")"
- if [ -e "/var/run/remount-secure/${FUNCNAME}" ]; then
+mount_output="$(mount)"
+
+remount_secure() {
+ ## ${FUNCNAME[1]} is the name of the calling function. I.e. the function
+ ## which called this function.
+ status_file_name="${FUNCNAME[1]}"
+ ## example status_file_name:
+ ## _home
+
+ if [ -e "/var/run/remount-secure/${status_file_name}" ]; then
 return 0
 fi
- new_mount_options="nosuid,nodev${noexec_maybe}"
- if mount | grep "$funcname_sanatized" | grep -q "$new_mount_options" ; then
- echo "INFO: $funcname_sanatized has already intended mount options."
+ ## str_replace is provided by package helper-scripts.
+ mount_folder="$(echo "${status_file_name}" | str_replace "_" "/")"
+ ## example mount_folder:
+ ## /home
+
+ if echo "$mount_output" | grep "$mount_folder" | grep -q "$new_mount_options" ; then
+ echo "INFO: $mount_folder has already intended mount options."
 return 0
 fi
- mount -o "remount,${new_mount_options}" "$funcname_sanatized" || exit_code=2
+
+ if echo "$mount_output" | grep -q "$mount_folder" ; then
+ ## Already mounted. Using remount.
+ mount -o "remount,${new_mount_options}" "$mount_folder"
+ else
+ ## Not yet mounted. Using mount bind.
+ mount -o "$new_mount_options" --bind "$mount_folder" "$mount_folder"
+ fi
+
 touch "/var/run/remount-secure/${FUNCNAME}"
 }
+_home() {
+ new_mount_options="nosuid,nodev${noexec_maybe}"
+ remount_secure "$@"
+}
+
 _run() {
- funcname_sanatized="$(echo "$FUNCNAME" | str_replace "_" "/")"
- if [ -e "/var/run/remount-secure/${FUNCNAME}" ]; then
- return 0
- fi
 ## https://lists.freedesktop.org/archives/systemd-devel/2015-February/028456.html
 new_mount_options="nosuid,nodev${noexec_maybe}"
- if mount | grep "$funcname_sanatized" | grep -q "$new_mount_options" ; then
- echo "INFO: $funcname_sanatized has already intended mount options."
- return 0
- fi
- mount -o "remount,${new_mount_options}" "$funcname_sanatized" || exit_code=3
- touch "/var/run/remount-secure/${FUNCNAME}"
+ remount_secure "$@"
 }
 _dev_shm() {
- funcname_sanatized="$(echo "$FUNCNAME" | str_replace "_" "/")"
- if [ -e "/var/run/remount-secure/${FUNCNAME}" ]; then
- return 0
- fi
 new_mount_options="nosuid,nodev${noexec_maybe}"
- if mount | grep "$funcname_sanatized" | grep -q "$new_mount_options" ; then
- echo "INFO: $funcname_sanatized has already intended mount options."
- return 0
- fi
- mount -o "remount,${new_mount_options}" "$funcname_sanatized" || exit_code=4
- touch "/var/run/remount-secure/${FUNCNAME}"
+ remount_secure "$@"
 }
 _tmp() {
- funcname_sanatized="$(echo "$FUNCNAME" | str_replace "_" "/")"
- if [ -e "/var/run/remount-secure/${FUNCNAME}" ]; then
- return 0
- fi
 new_mount_options="nosuid,nodev${noexec_maybe}"
- if mount | grep "$funcname_sanatized" | grep -q "$new_mount_options" ; then
- echo "INFO: $funcname_sanatized has already intended mount options."
- return 0
- fi
- mount -o "$new_mount_options" --bind "$funcname_sanatized" "$funcname_sanatized" || exit_code=5
- touch "/var/run/remount-secure/${FUNCNAME}"
+ remount_secure "$@"
 }
 _sys_kernel_security() {
- funcname_sanatized="$(echo "$FUNCNAME" | str_replace "_" "/")"
- if [ -e "/var/run/remount-secure/${FUNCNAME}" ]; then
- return 0
- fi
 new_mount_options="nosuid,nodev${noexec_maybe}"
- if mount | grep "$funcname_sanatized" | grep -q "$new_mount_options" ; then
- echo "INFO: $funcname_sanatized has already intended mount options."
- return 0
- fi
- mount -o "$new_mount_options" --bind "$funcname_sanatized" "$funcname_sanatized" || exit_code=6
- touch "/var/run/remount-secure/${FUNCNAME}"
+ remount_secure "$@"
 }
 _lib() {
- funcname_sanatized="$(echo "$FUNCNAME" | str_replace "_" "/")"
- if [ -e "/var/run/remount-secure/${FUNCNAME}" ]; then
- return 0
- fi
 ## Not using noexec on /lib.
 new_mount_options="nosuid,nodev"
- if mount | grep "$funcname_sanatized" | grep -q "$new_mount_options" ; then
- echo "INFO: $funcname_sanatized has already intended mount options."
- return 0
- fi
- mount -o "$new_mount_options" --bind "$funcname_sanatized" "$funcname_sanatized" || exit_code=7
- touch "/var/run/remount-secure/${FUNCNAME}"
+ remount_secure "$@"
 }
 end() {
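Review bot: The `touch "/var/run/remount-secure/${FUNCNAME}"` kept as a context line inside the new `remount_secure` now writes the status file under the helper's own name (`${FUNCNAME}` there is `remount_secure`), while the early-return check at the top of the same function looks for `${status_file_name}` (`_home`, `_run`, ...), so the check never matches and every folder is reprocessed on each run; it should read `touch "/var/run/remount-secure/${status_file_name}"`. The per-function `|| exit_code=2` … `|| exit_code=7` fallbacks were removed and not carried into `remount_secure`, so under `set -e` the first failing `mount` aborts the script before the remaining folders are handled, and `exit_code` (still initialised to 0 on the first line of the hunk) can no longer report a partial failure if `end()` still uses it; `mount … || exit_code=2` on both mount calls would keep the old continue-on-failure behaviour. The new remount-versus-bind decision rests on `grep -q "$mount_folder"` as a bare substring of the `mount` output, so `/tmp` is treated as already mounted when a line such as `/var/tmp` appears and `/lib` when any path containing `/lib` does; anchoring on the mount-table fields, e.g. `grep -q " on ${mount_folder} type "`, removes that ambiguity. `end()` begins on the last line of the hunk and its body lies outside it.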