From 7c95edd0d3c87bab2231b380c94ae8531eca6e82 Mon Sep 17 00:00:00 2001
From: Kyle Sessions
Date: Thu, 24 Oct 2024 05:24:14 +0000
Subject: [PATCH] Revert "add default security settings"

This reverts commit 1395a0cbbe40fcb0f8d354d30cd4d3208044e956. This sets up a process restriction that persists for all child processes, including containers launched by runc.
---
 packages/release/release.spec | 5 -----
 packages/release/systemd-service-security.conf | 2 --
 2 files changed, 7 deletions(-)
 delete mode 100644 packages/release/systemd-service-security.conf

diff --git a/packages/release/release.spec b/packages/release/release.spec
index 26d71d0a4..742de31e3 100644
--- a/packages/release/release.spec
+++ b/packages/release/release.spec
@@ -87,7 +87,6 @@ Source1100: systemd-tmpfiles-setup-service-debug.conf
 Source1101: systemd-resolved-service-env.conf
 Source1102: systemd-networkd-service-env.conf
 Source1103: systemd-logind-inhibit-maxdelay.conf
-Source1104: systemd-service-security.conf

 # network link rules
 Source1200: 80-release.link
@@ -208,9 +207,6 @@ install -d %{buildroot}%{_cross_unitdir}/systemd-networkd.service.d
 install -p -m 0644 %{S:1102} \
 %{buildroot}%{_cross_unitdir}/systemd-networkd.service.d/00-env.conf

-install -d %{buildroot}%{_cross_unitdir}/service.d/
-install -p -m 0644 %{S:1104} %{buildroot}%{_cross_unitdir}/service.d/10-security.conf
-
 # Empty (but packaged) directory. The FIPS packages for kernels will add drop-ins to
 # this directory to arrange for the right modules to be loaded before the check runs.
 install -d %{buildroot}%{_cross_unitdir}/check-fips-modules.service.d
@@ -316,7 +312,6 @@ ln -s preconfigured.target %{buildroot}%{_cross_unitdir}/default.target
 %{_cross_unitdir}/prepare-local-fs.service
 %{_cross_unitdir}/deprecation-warning@.service
 %{_cross_unitdir}/deprecation-warning@.timer
-%{_cross_unitdir}/service.d/10-security.conf
 %dir %{_cross_unitdir}/systemd-resolved.service.d
 %{_cross_unitdir}/systemd-resolved.service.d/00-env.conf
 %dir %{_cross_unitdir}/systemd-networkd.service.d
diff --git a/packages/release/systemd-service-security.conf b/packages/release/systemd-service-security.conf
deleted file mode 100644
index 1891b0df6..000000000
--- a/packages/release/systemd-service-security.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-[Service]
-MemoryDenyWriteExecute=yes