Hello. Ubuntu 24.04. There is apparmor profile for Mongo Compass that has space in name.
From /etc/apparmor.d/MongoDB_Compass
# This profile allows everything and only exists to give the
# application a name instead of having the label "unconfined"
abi <abi/4.0>,
include <tunables/global>
profile "MongoDB Compass" "/usr/lib/mongodb-compass/MongoDB Compass" flags=(unconfined) {
userns,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/MongoDB_Compass>
}
So in
/sys/kernel/security/apparmor/profiles
profile info looks
MongoDB Compass (unconfined)
that breaks cephadm (17.2.7, maybe 18+)
2024-04-19T23:07:14.870585+0000 mon.ceph-mon-n1 (mon.0) 98 : cluster [WRN] ValueError: too many values to unpack (expected 2)
2024-04-19T23:07:14.870595+0000 mon.ceph-mon-n1 (mon.0) 99 : cluster [WRN] host osd.server.local `cephadm ceph-volume` failed: cephadm exited with an error code: 1, stderr: Traceback (most recent call last):
2024-04-19T23:07:14.870599+0000 mon.ceph-mon-n1 (mon.0) 100 : cluster [WRN] File "<frozen runpy>", line 198, in _run_module_as_main
2024-04-19T23:07:14.870606+0000 mon.ceph-mon-n1 (mon.0) 101 : cluster [WRN] File "<frozen runpy>", line 88, in _run_code
2024-04-19T23:07:14.870625+0000 mon.ceph-mon-n1 (mon.0) 102 : cluster [WRN] File "/var/lib/ceph/7fb3e0f4-a33e-11eb-af89-4954feb59e76/cephadm.7dcbd4aab60af3e83970c60d4a8a2cc6ea7b997ecc2f4de0a47eeacbb88dde46/__main__.py", line 10096, in <module>
2024-04-19T23:07:14.870629+0000 mon.ceph-mon-n1 (mon.0) 103 : cluster [WRN] File "/var/lib/ceph/7fb3e0f4-a33e-11eb-af89-4954feb59e76/cephadm.7dcbd4aab60af3e83970c60d4a8a2cc6ea7b997ecc2f4de0a47eeacbb88dde46/__main__.py", line 10084, in main
2024-04-19T23:07:14.870632+0000 mon.ceph-mon-n1 (mon.0) 104 : cluster [WRN] File "/var/lib/ceph/7fb3e0f4-a33e-11eb-af89-4954feb59e76/cephadm.7dcbd4aab60af3e83970c60d4a8a2cc6ea7b997ecc2f4de0a47eeacbb88dde46/__main__.py", line 2215, in _infer_config
2024-04-19T23:07:14.870638+0000 mon.ceph-mon-n1 (mon.0) 105 : cluster [WRN] File "/var/lib/ceph/7fb3e0f4-a33e-11eb-af89-4954feb59e76/cephadm.7dcbd4aab60af3e83970c60d4a8a2cc6ea7b997ecc2f4de0a47eeacbb88dde46/__main__.py", line 2131, in _infer_fsid
2024-04-19T23:07:14.870646+0000 mon.ceph-mon-n1 (mon.0) 106 : cluster [WRN] File "/var/lib/ceph/7fb3e0f4-a33e-11eb-af89-4954feb59e76/cephadm.7dcbd4aab60af3e83970c60d4a8a2cc6ea7b997ecc2f4de0a47eeacbb88dde46/__main__.py", line 2243, in _infer_image
2024-04-19T23:07:14.870650+0000 mon.ceph-mon-n1 (mon.0) 107 : cluster [WRN] File "/var/lib/ceph/7fb3e0f4-a33e-11eb-af89-4954feb59e76/cephadm.7dcbd4aab60af3e83970c60d4a8a2cc6ea7b997ecc2f4de0a47eeacbb88dde46/__main__.py", line 2118, in _validate_fsid
2024-04-19T23:07:14.870654+0000 mon.ceph-mon-n1 (mon.0) 108 : cluster [WRN] File "/var/lib/ceph/7fb3e0f4-a33e-11eb-af89-4954feb59e76/cephadm.7dcbd4aab60af3e83970c60d4a8a2cc6ea7b997ecc2f4de0a47eeacbb88dde46/__main__.py", line 6452, in command_ceph_volume
2024-04-19T23:07:14.870659+0000 mon.ceph-mon-n1 (mon.0) 109 : cluster [WRN] File "/var/lib/ceph/7fb3e0f4-a33e-11eb-af89-4954feb59e76/cephadm.7dcbd4aab60af3e83970c60d4a8a2cc6ea7b997ecc2f4de0a47eeacbb88dde46/__main__.py", line 3075, in get_container_mounts
2024-04-19T23:07:14.870667+0000 mon.ceph-mon-n1 (mon.0) 110 : cluster [WRN] File "/var/lib/ceph/7fb3e0f4-a33e-11eb-af89-4954feb59e76/cephadm.7dcbd4aab60af3e83970c60d4a8a2cc6ea7b997ecc2f4de0a47eeacbb88dde46/__main__.py", line 9164, in selinux_enabled
2024-04-19T23:07:14.870685+0000 mon.ceph-mon-n1 (mon.0) 111 : cluster [WRN] File "/var/lib/ceph/7fb3e0f4-a33e-11eb-af89-4954feb59e76/cephadm.7dcbd4aab60af3e83970c60d4a8a2cc6ea7b997ecc2f4de0a47eeacbb88dde46/__main__.py", line 9147, in kernel_security
2024-04-19T23:07:14.870699+0000 mon.ceph-mon-n1 (mon.0) 112 : cluster [WRN] File "/var/lib/ceph/7fb3e0f4-a33e-11eb-af89-4954feb59e76/cephadm.7dcbd4aab60af3e83970c60d4a8a2cc6ea7b997ecc2f4de0a47eeacbb88dde46/__main__.py", line 9128, in _fetch_apparmor
2024-04-19T23:07:14.870703+0000 mon.ceph-mon-n1 (mon.0) 113 : cluster [WRN] ValueError: too many values to unpack (expected 2)
I understand that spaces in profile names are unusual and can cause problems, but they are allowed - and as you can see, they get used "in the wild".
This also means that software that reads /sys/kernel/ security/ apparmor/ profiles or /proc/* /attr/apparmor/ current should be able to handle such unusual profile names.
I know that it's probably not what you want to hear, but the best solution would be a bugreport for cephadm so that it gets a more robust parsing.