From cd44a7e1369cd798b06595fdb118e0c7bea52194 Mon Sep 17 00:00:00 2001
From: Aaron Rainbolt <arraybolt3@ubuntu.com>
Date: Fri, 22 Aug 2025 16:00:25 -0500
Subject: [PATCH] Disable memlockd service by default, fix systemd path

---
 usr/lib/systemd/system-preset/50-security-misc.preset | 4 ++++
 usr/share/security-misc/security-misc-memlockd.cfg    | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/usr/lib/systemd/system-preset/50-security-misc.preset b/usr/lib/systemd/system-preset/50-security-misc.preset
index fda8e4d..d3c6c17 100644
--- a/usr/lib/systemd/system-preset/50-security-misc.preset
+++ b/usr/lib/systemd/system-preset/50-security-misc.preset
@@ -26,3 +26,7 @@ disable ensure-shutdown-trigger.service
 
 ## TODO: Disabled due to bug: breaks ISO Live Mode Calamares installer
 disable emerg-shutdown.service
+
+## memlockd is needed by emerg-shutdown, but the service is not, the user can
+## enable this manually if desired.
+disable memlockd.service
diff --git a/usr/share/security-misc/security-misc-memlockd.cfg b/usr/share/security-misc/security-misc-memlockd.cfg
index ebdc4c6..12439b3 100644
--- a/usr/share/security-misc/security-misc-memlockd.cfg
+++ b/usr/share/security-misc/security-misc-memlockd.cfg
@@ -1,2 +1,2 @@
 # Lock systemd and all of its library dependencies into memory
-+/usr/bin/systemd
++/usr/lib/systemd/systemd