-
Notifications
You must be signed in to change notification settings - Fork 5.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cephadm: Avoid crash on AppArmor profile names with space #57527
base: main
Are you sure you want to change the base?
Conversation
“cephadm shell” (and possibly other sub-commands) would crash when there was an AppArmor profile that contained a space character in its name. This happened due to the code parsing /sys/kernel/security/apparmor/profiles only expecting a single space character per line. This commit fixes this issue by splitting the line on the last space character instead of splitting it on each one. Fixes: http://tracker.ceph.com/issues/66073 Signed-off-by: Sebastian Marsching <sebastian.marsching-git-2016@aquenos.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Change looks OK but ideally we'd have some sort of test to avoid regressions, probably a unit test. Unfortunately, the host_facts stuff is a bit monolithic so I don't know how difficult it would be. Have you looked into adding a unit test? If not, could I bother you to do so but spend no more than a week at most on it. If you respond that you looked into it and it was too hard to write I'd happily approve anyway. I just don't want to miss the opporunity to have a test if it's not a big burden. Thanks!
@phlogistonjohn I considered writing a unit test, but due to there being no unit tests for Testing This is already a lot harder, because But the work does not stop there: As It certainly is possible to do this, but quite frankly I do not have the time to do all that work. The best thing that I can offer is making I discarded this idea because I wanted to keep the change for the bugfix minimal, in particular considering that I think it should be backported to Reef, and for a simple one-line fix this is much more reasonable than for a refactoring of the |
A quick update: In the meantime, I found that this problem also affects Ubuntu 24.04 Server, not just the Desktop version. And unfortunately, it cannot simply be fixed by replacing the For example, this happens when running
|
Fixes: http://tracker.ceph.com/issues/66073
cephadm shell
(and possibly other sub-commands) would crash whenthere was an AppArmor profile that contained a space character in its
name. This happened due to the code parsing
/sys/kernel/security/apparmor/profiles
only expecting a single spacecharacter per line.
This commit fixes this issue by splitting the line on the last space
character instead of splitting it on each one.
Contribution Guidelines
To sign and title your commits, please refer to Submitting Patches to Ceph.
If you are submitting a fix for a stable branch (e.g. "quincy"), please refer to Submitting Patches to Ceph - Backports for the proper workflow.
When filling out the below checklist, you may click boxes directly in the GitHub web UI. When entering or editing the entire PR message in the GitHub web UI editor, you may also select a checklist item by adding an
x
between the brackets:[x]
. Spaces and capitalization matter when checking off items this way.Checklist
Show available Jenkins commands
jenkins retest this please
jenkins test classic perf
jenkins test crimson perf
jenkins test signed
jenkins test make check
jenkins test make check arm64
jenkins test submodules
jenkins test dashboard
jenkins test dashboard cephadm
jenkins test api
jenkins test docs
jenkins render docs
jenkins test ceph-volume all
jenkins test ceph-volume tox
jenkins test windows
jenkins test rook e2e