From df333269a05f92baaf00c0177d47be4a44be2d9f Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Tue, 14 May 2013 16:31:10 +0200
Subject: [PATCH] newer kernel actually have defaults well above that

---
 modules/debian-org/manifests/init.pp | 3 +--
 modules/site/manifests/sysctl.pp     | 4 ++--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/modules/debian-org/manifests/init.pp b/modules/debian-org/manifests/init.pp
index 0c423ec10..d18c7bc96 100644
--- a/modules/debian-org/manifests/init.pp
+++ b/modules/debian-org/manifests/init.pp
@@ -216,8 +216,7 @@ class debian-org {
 	# set mmap_min_addr to 4096 to mitigate
 	# Linux NULL-pointer dereference exploits
 	site::sysctl { 'mmap_min_addr':
-		key   => 'vm.mmap_min_addr',
-		value => '4096',
+		ensure => absent
 	}
 	site::sysctl { 'perf_event_paranoid':
 		key   => 'kernel.perf_event_paranoid',
diff --git a/modules/site/manifests/sysctl.pp b/modules/site/manifests/sysctl.pp
index 72b8e3d8e..e2d8f8816 100644
--- a/modules/site/manifests/sysctl.pp
+++ b/modules/site/manifests/sysctl.pp
@@ -1,7 +1,7 @@
-define site::sysctl ($key, $value, $target=Linux, $ensure = present) {
+define site::sysctl ($key='', $value='', $target=Linux, $ensure = present) {
 	include site
 	case $ensure {
-		present: {}
+		present: { if ($key == "" or $value == "") { fail ( "Need to provide key and value" )} }
 		absent:  {}
 		default: { fail ( "Unknown ensure value: '$ensure'" ) }
 	}
-- 
2.20.1