From 5b0ff05c2377a8a8a5ef13d34fc71ce0587ed6df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Fri, 1 Jul 2022 13:04:48 +0200
Subject: [PATCH] Remove sysctl_fs_protected_* rules from RHEL 9 OSPP

The sysctl_fs_protected_hardlinks and sysctl_fs_protected_symlinks rules
reenforce the RHEL 9 default value. While that protection is useful,
there is no specific OSPP SFR or other reason for the SCAP rules in the
OSPP profile.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2081719
---
 products/rhel9/profiles/ospp.profile | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/products/rhel9/profiles/ospp.profile b/products/rhel9/profiles/ospp.profile
index 1fad0031749..5536dd7b2b6 100644
--- a/products/rhel9/profiles/ospp.profile
+++ b/products/rhel9/profiles/ospp.profile
@@ -141,10 +141,6 @@ selections:
     - sysctl_net_core_bpf_jit_harden
     - service_kdump_disabled
 
-    ## File System Settings
-    - sysctl_fs_protected_hardlinks
-    - sysctl_fs_protected_symlinks
-
     ### Audit
     - service_auditd_enabled
     - var_auditd_flush=incremental_async