From: John Mulligan Date: Mon, 10 Jun 2024 18:30:31 +0000 (-0400) Subject: cephadm: update hosts_facts to read apparmor profile names with spaces X-Git-Tag: v19.2.1~137^2~2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=ad50f20e9ff6e09674934ad60c5085a5334e8d66;p=ceph.git cephadm: update hosts_facts to read apparmor profile names with spaces Fixes: https://tracker.ceph.com/issues/66389 Update the host_facts class kernel_security method to correctly read apparmor profile names that have spaces in them. Update the test to verify this functionality. Original-version-by: Sebastian Marsching Signed-off-by: John Mulligan (cherry picked from commit d40fe10b8a75402d518fb54f58c689331c854778)
---
diff --git a/src/cephadm/cephadmlib/host_facts.py b/src/cephadm/cephadmlib/host_facts.py
index 1cfb2ac84d92..387a4a3cb0a2 100644
--- a/src/cephadm/cephadmlib/host_facts.py
+++ b/src/cephadm/cephadmlib/host_facts.py
@@ -719,8 +719,9 @@ class HostFacts:
 else:
 summary = {} # type: Dict[str, int]
 for line in profiles.split('\n'):
- item, mode = line.split(' ')
- mode = mode.strip('()')
+ mode = line.rsplit(' ', 1)[-1]
+ assert mode[0] == '(' and mode[-1] == ')'
+ mode = mode[1:-1]
 if mode in summary:
 summary[mode] += 1
 else:
diff --git a/src/cephadm/tests/test_enclosure.py b/src/cephadm/tests/test_enclosure.py
index 243f07e85771..b8e21853eae8 100644
--- a/src/cephadm/tests/test_enclosure.py
+++ b/src/cephadm/tests/test_enclosure.py
@@ -83,9 +83,8 @@ def test_host_facts_security(cephadm_fs):
 '/usr/bin/man (enforce)',
 '1password (unconfined)',
 'Discord (unconfined)',
- # These examples with spaces in the name fail currently
- # 'MongoDB Compass (unconfined)',
- # 'profile name with spaces (enforce)',
+ 'MongoDB Compass (unconfined)',
+ 'profile name with spaces (enforce)',
 ]
 cephadm_fs.create_file(
 '/sys/kernel/security/apparmor/profiles',
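Review bot: The added `assert mode[0] == '(' and mode[-1] == ')'` in the profiles loop validates text read from the AppArmor profiles file, but `assert` is compiled out under `python -O`. In that case `mode[1:-1]` silently trims two arbitrary characters and counts the line under a bogus mode. `mode[0]` also raises IndexError on an empty line, for example a trailing newline if `profiles` is not stripped before the loop, which the hunk does not show. One odd line could therefore abort the whole kernel-security summary. Prefer an explicit check such as `if not (mode.startswith('(') and mode.endswith(')')): continue` followed by `mode = mode[1:-1]`, ideally logging the skipped line. The enclosing method starts and ends outside the hunk, so how callers handle an exception raised here is not visible.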
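Review bot: The fixture list in `test_host_facts_security` now covers profile names with spaces, but it still has no blank or malformed entry, which is the only input that reaches the failure path of the new parsing code. Add a case whose profiles text contains a line without a trailing `(mode)` token, and one with a trailing newline, and assert the intended outcome (line skipped, or a defined error). That pins the parser's behaviour on unexpected input. The list and the `create_file` call continue outside the hunk.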
@@ -105,5 +104,5 @@ def test_host_facts_security(cephadm_fs):
 assert ksec['type'] == 'AppArmor'
 assert ksec['type'] == 'AppArmor'
 assert ksec['complain'] == 0
- assert ksec['enforce'] == 0
- assert ksec['unconfined'] == 1
+ assert ksec['enforce'] == 1
+ assert ksec['unconfined'] == 2