diff --git a/internal/distro/fedora/distro.go b/internal/distro/fedora/distro.go
index 640e9bcb4..3adee5ccc 100644
--- a/internal/distro/fedora/distro.go
+++ b/internal/distro/fedora/distro.go
@@ -809,6 +809,16 @@ func (t *imageType) checkOptions(customizations *blueprint.Customizations, optio
 return err
 }
 
+ err = blueprint.CheckDirectoryCustomizationsPolicy(dc, pathpolicy.CustomDirectoriesPolicies)
+ if err != nil {
+ return err
+ }
+
+ err = blueprint.CheckFileCustomizationsPolicy(fc, pathpolicy.CustomFilesPolicies)
+ if err != nil {
+ return err
+ }
+
 return nil
 }
 
diff --git a/internal/distro/rhel7/distro.go b/internal/distro/rhel7/distro.go
index d34a562ea..62d034687 100644
--- a/internal/distro/rhel7/distro.go
+++ b/internal/distro/rhel7/distro.go
@@ -511,6 +511,16 @@ func (t *imageType) checkOptions(customizations *blueprint.Customizations, optio
 return err
 }
 
+ err = blueprint.CheckDirectoryCustomizationsPolicy(dc, pathpolicy.CustomDirectoriesPolicies)
+ if err != nil {
+ return err
+ }
+
+ err = blueprint.CheckFileCustomizationsPolicy(fc, pathpolicy.CustomFilesPolicies)
+ if err != nil {
+ return err
+ }
+
 return nil
 }
 
diff --git a/internal/distro/rhel8/imagetype.go b/internal/distro/rhel8/imagetype.go
index 8b6c26aca..6efa022d7 100644
--- a/internal/distro/rhel8/imagetype.go
+++ b/internal/distro/rhel8/imagetype.go
@@ -446,5 +446,15 @@ func (t *imageType) checkOptions(customizations *blueprint.Customizations, optio
 return err
 }
 
+ err = blueprint.CheckDirectoryCustomizationsPolicy(dc, pathpolicy.CustomDirectoriesPolicies)
+ if err != nil {
+ return err
+ }
+
+ err = blueprint.CheckFileCustomizationsPolicy(fc, pathpolicy.CustomFilesPolicies)
+ if err != nil {
+ return err
+ }
+
 return nil
 }
diff --git a/internal/distro/rhel9/imagetype.go b/internal/distro/rhel9/imagetype.go
index f03ee682e..dcf653d74 100644
--- a/internal/distro/rhel9/imagetype.go
+++ b/internal/distro/rhel9/imagetype.go
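Review bot: The two policy checks added at the end of `checkOptions` are pasted verbatim into four packages (this fedora hunk plus the rhel7, rhel8 and rhel9 hunks), so the restriction on custom file and directory paths holds only where the block was copied; an option check that omits it would accept paths outside the policy. Consider putting both calls behind one helper in `blueprint`, so that every caller gets the policy by default, and until then add a comment above the block such as `// Enforce the path policy for custom files and directories; keep in sync across all distros.` The rhel9 hunk also places the block directly after the preceding `}` without the blank line used in the other three files. `checkOptions` starts outside each hunk, so the origin of `dc` and `fc` and the check that precedes these lines are not visible here.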
@@ -423,6 +423,15 @@ func (t *imageType) checkOptions(customizations *blueprint.Customizations, optio
 if err != nil {
 return err
 }
+ err = blueprint.CheckDirectoryCustomizationsPolicy(dc, pathpolicy.CustomDirectoriesPolicies)
+ if err != nil {
+ return err
+ }
+
+ err = blueprint.CheckFileCustomizationsPolicy(fc, pathpolicy.CustomFilesPolicies)
+ if err != nil {
+ return err
+ }
 return nil
 }
diff --git a/internal/pathpolicy/policies.go b/internal/pathpolicy/policies.go
index 1dc9a283c..aa4d315c9 100644
--- a/internal/pathpolicy/policies.go
+++ b/internal/pathpolicy/policies.go
@@ -13,3 +13,19 @@ var MountpointPolicies = NewPathPolicies(map[string]PathPolicy{
 "/home": {},
 "/tmp": {},
 })
+
+// CustomDirectoriesPolicies is a set of default policies for custom directories
+var CustomDirectoriesPolicies = NewPathPolicies(map[string]PathPolicy{
+ "/": {Deny: true},
+ "/etc": {},
+})
+
+// CustomFilesPolicies is a set of default policies for custom files
+var CustomFilesPolicies = NewPathPolicies(map[string]PathPolicy{
+ "/": {Deny: true},
+ "/etc": {},
+ "/etc/fstab": {Deny: true},
+ "/etc/shadow": {Deny: true},
+ "/etc/passwd": {Deny: true},
+ "/etc/group": {Deny: true},
+})
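Review bot: `CustomFilesPolicies` denies only four exact paths under `/etc`, and neither doc comment states the criterion, so it is unclear whether companions such as `/etc/gshadow` were left out on purpose. If the intent is to keep users from overwriting files that other customizations generate, say so in the comment, e.g. `// Everything is denied except /etc; files written by the users, groups and filesystem customizations stay denied.`, and extend the list to match. The deny entries only hold if the path is canonical when it is looked up; the check functions are outside this diff, so confirm that a non-canonical spelling of a denied path is rejected or cleaned (for example with `filepath.Clean`) before the policy lookup.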