add more sysctl settings, allow overwriting #120
LGTM. One thing could be improved.
tasks/sysctl.yml
Outdated
@@ -19,6 +19,10 @@ | |||
command: 'update-initramfs -u' | |||
when: initramfs.changed | |||
|
|||
- name: create a combined sysctl-dict if overwrites are defined | |||
set_fact: sysctl_config="{{ sysctl_config | combine(sysctl_overwrite) }}" | |||
when: sysctl_overwrite | default(omit) |
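Review bot: The guard `when: sysctl_overwrite | default(omit)` does not skip the task when sysctl_overwrite is undefined. In Ansible, omit is a placeholder token, which is a non-empty string, so the condition is truthy and the set_fact line then reaches `combine(sysctl_overwrite)` with an undefined variable. Test the variable directly with `when: sysctl_overwrite is defined`, or drop the condition and write `sysctl_config | combine(sysctl_overwrite | default({}))`, which leaves sysctl_config unchanged when no overwrites are given.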
Have you checked that omit evaluates to False? I would not rely on that. Just use default() which defaults to False 😉
Thanks, I updated all the occurrences!
Thanks, one minor detail could be improved in the update.
tasks/suid_sgid.yml
Outdated
@@ -20,5 +20,5 @@ | |||
- name: remove suid/sgid bit from all binaries except in system and user whitelist | |||
file: path='{{item}}' mode='a-s' state=file follow=yes | |||
with_items: | |||
- '{{ suid | default(omit) | difference(os_security_suid_sgid_whitelist) }}' | |||
- '{{ suid | default() | difference(os_security_suid_sgid_whitelist) }}' |
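Review bot: In the with_items expression, `default()` with no argument returns an empty string, so `difference(os_security_suid_sgid_whitelist)` receives a string where a list is expected and only produces an empty result because a string happens to be iterable. Make the type explicit with `suid | default([])`, so the loop is empty by construction when suid is undefined and the file task with mode='a-s' never runs against an unintended item.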
In this case better use with_flattened and default([]) :) Similar goes with the other uses of default in with_items.
I updated it!
Add support to specify a list of revoked public keys
add more sysctl settings, allow overwriting
No description provided.