From 99289f3ea58906f7aaadabd0d0d814abb6e34615 Mon Sep 17 00:00:00 2001
From: John Mulligan <jmulligan@redhat.com>
Date: Mon, 10 Jun 2024 14:30:31 -0400
Subject: [PATCH] cephadm: update hosts_facts to read apparmor profile names
 with spaces

Fixes: https://tracker.ceph.com/issues/66389

Update the host_facts class kernel_security method to correctly read
apparmor profile names that have spaces in them. Update the test to
verify this functionality.

Original-version-by: Sebastian Marsching <sebastian.marsching-git-2016@aquenos.com>
Signed-off-by: John Mulligan <jmulligan@redhat.com>
(cherry picked from commit d40fe10b8a75402d518fb54f58c689331c854778)

Conflicts:
	src/cephadm/cephadmlib/host_facts.py
---
 src/cephadm/cephadm.py              | 5 +++--
 src/cephadm/tests/test_enclosure.py | 9 ++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/cephadm/cephadm.py b/src/cephadm/cephadm.py
index c718106400f..26b5f4c708c 100755
--- a/src/cephadm/cephadm.py
+++ b/src/cephadm/cephadm.py
@@ -9838,8 +9838,9 @@ class HostFacts():
                     else:
                         summary = {}  # type: Dict[str, int]
                         for line in profiles.split('\n'):
-                            item, mode = line.split(' ')
-                            mode = mode.strip('()')
+                            mode = line.rsplit(' ', 1)[-1]
+                            assert mode[0] == '(' and mode[-1] == ')'
+                            mode = mode[1:-1]
                             if mode in summary:
                                 summary[mode] += 1
                             else:
diff --git a/src/cephadm/tests/test_enclosure.py b/src/cephadm/tests/test_enclosure.py
index b825fb6b32e..64643e4c224 100644
--- a/src/cephadm/tests/test_enclosure.py
+++ b/src/cephadm/tests/test_enclosure.py
@@ -81,9 +81,8 @@ def test_host_facts_security(cephadm_fs):
         '/usr/bin/man (enforce)',
         '1password (unconfined)',
         'Discord (unconfined)',
-        # These examples with spaces in the name fail currently
-        # 'MongoDB Compass (unconfined)',
-        # 'profile name with spaces (enforce)',
+        'MongoDB Compass (unconfined)',
+        'profile name with spaces (enforce)',
     ]
     cephadm_fs.create_file(
         '/sys/kernel/security/apparmor/profiles',
@@ -103,5 +102,5 @@ def test_host_facts_security(cephadm_fs):
     assert ksec['type'] == 'AppArmor'
     assert ksec['type'] == 'AppArmor'
     assert ksec['complain'] == 0
-    assert ksec['enforce'] == 0
-    assert ksec['unconfined'] == 1
+    assert ksec['enforce'] == 1
+    assert ksec['unconfined'] == 2
-- 
2.39.5