From: Peter Palfrader <peter@palfrader.org>
Date: Tue, 14 May 2013 14:31:10 +0000 (+0200)
Subject: newer kernel actually have defaults well above that
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=df333269a05f92baaf00c0177d47be4a44be2d9f;p=mirror%2Fdsa-puppet.git

newer kernel actually have defaults well above that
---

diff --git a/modules/debian-org/manifests/init.pp b/modules/debian-org/manifests/init.pp
index 0c423ec10..d18c7bc96 100644
--- a/modules/debian-org/manifests/init.pp
+++ b/modules/debian-org/manifests/init.pp
@@ -216,8 +216,7 @@ class debian-org {
 	# set mmap_min_addr to 4096 to mitigate
 	# Linux NULL-pointer dereference exploits
 	site::sysctl { 'mmap_min_addr':
-		key   => 'vm.mmap_min_addr',
-		value => '4096',
+		ensure => absent
 	}
 	site::sysctl { 'perf_event_paranoid':
 		key   => 'kernel.perf_event_paranoid',
diff --git a/modules/site/manifests/sysctl.pp b/modules/site/manifests/sysctl.pp
index 72b8e3d8e..e2d8f8816 100644
--- a/modules/site/manifests/sysctl.pp
+++ b/modules/site/manifests/sysctl.pp
@@ -1,7 +1,7 @@
-define site::sysctl ($key, $value, $target=Linux, $ensure = present) {
+define site::sysctl ($key='', $value='', $target=Linux, $ensure = present) {
 	include site
 	case $ensure {
-		present: {}
+		present: { if ($key == "" or $value == "") { fail ( "Need to provide key and value" )} }
 		absent:  {}
 		default: { fail ( "Unknown ensure value: '$ensure'" ) }
 	}