From d40fe10b8a75402d518fb54f58c689331c854778 Mon Sep 17 00:00:00 2001
From: John Mulligan <jmulligan@redhat.com>
Date: Mon, 10 Jun 2024 14:30:31 -0400
Subject: [PATCH] cephadm: update hosts_facts to read apparmor profile names
 with spaces

Fixes: https://tracker.ceph.com/issues/66389

Update the host_facts class kernel_security method to correctly read
apparmor profile names that have spaces in them. Update the test to
verify this functionality.

Original-version-by: Sebastian Marsching <sebastian.marsching-git-2016@aquenos.com>
Signed-off-by: John Mulligan <jmulligan@redhat.com>
---
 src/cephadm/cephadmlib/host_facts.py | 5 +++--
 src/cephadm/tests/test_enclosure.py  | 9 ++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/cephadm/cephadmlib/host_facts.py b/src/cephadm/cephadmlib/host_facts.py
index 1cfb2ac84d926..387a4a3cb0a2b 100644
--- a/src/cephadm/cephadmlib/host_facts.py
+++ b/src/cephadm/cephadmlib/host_facts.py
@@ -719,8 +719,9 @@ class HostFacts:
                     else:
                         summary = {}  # type: Dict[str, int]
                         for line in profiles.split('\n'):
-                            item, mode = line.split(' ')
-                            mode = mode.strip('()')
+                            mode = line.rsplit(' ', 1)[-1]
+                            assert mode[0] == '(' and mode[-1] == ')'
+                            mode = mode[1:-1]
                             if mode in summary:
                                 summary[mode] += 1
                             else:
diff --git a/src/cephadm/tests/test_enclosure.py b/src/cephadm/tests/test_enclosure.py
index 243f07e85771c..b8e21853eae84 100644
--- a/src/cephadm/tests/test_enclosure.py
+++ b/src/cephadm/tests/test_enclosure.py
@@ -83,9 +83,8 @@ def test_host_facts_security(cephadm_fs):
         '/usr/bin/man (enforce)',
         '1password (unconfined)',
         'Discord (unconfined)',
-        # These examples with spaces in the name fail currently
-        # 'MongoDB Compass (unconfined)',
-        # 'profile name with spaces (enforce)',
+        'MongoDB Compass (unconfined)',
+        'profile name with spaces (enforce)',
     ]
     cephadm_fs.create_file(
         '/sys/kernel/security/apparmor/profiles',
@@ -105,5 +104,5 @@ def test_host_facts_security(cephadm_fs):
     assert ksec['type'] == 'AppArmor'
     assert ksec['type'] == 'AppArmor'
     assert ksec['complain'] == 0
-    assert ksec['enforce'] == 0
-    assert ksec['unconfined'] == 1
+    assert ksec['enforce'] == 1
+    assert ksec['unconfined'] == 2
-- 
2.39.5