Bug 1730174

Summary: Containers with volume mappings cause traceback: KeyError: 'source'
Product: [Fedora] Fedora Reporter: Ira Malinich <thub>
Component: udicaAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: 30CC: lvrabec
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: udica-0.1.8-1.fc30 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-07-20 02:33:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ira Malinich 2019-07-16 05:05:35 UTC 
Description of problem:
On all of the images I've tried, if I create a relatively innocent volume mapping, udica fails with a traceback error.


Version-Release number of selected component (if applicable):
udica-0.1.7-1.fc30.noarch


How reproducible:
Consistently


Steps to Reproduce:
1. Get an image.
podman pull github.io/library/fedora

2. Create the container with a volume mapping like this:
$ podman run --detach --tty --name=fedora-user \
        -v /home/thub/Downloads:/downloads:ro \
        docker.io/library/fedora

3. Get the json data.
$ podman inspect fedora-user > fedora-user.json

4. Run udica.
$ udica -j fedora-user.json container_fedora_user


Actual results:
Traceback (most recent call last):
  File "/usr/bin/udica", line 11, in <module>
    load_entry_point('udica==0.1.7', 'console_scripts', 'udica')()
  File "/usr/lib/python3.7/site-packages/udica/__main__.py", line 109, in main
    create_policy(opts, container_caps, container_mounts, container_ports)
  File "/usr/lib/python3.7/site-packages/udica/policy.py", line 131, in create_policy
    if not item['source'].find("/"):
KeyError: 'source'


Expected results:
Creates an SELinux policy to be imported into the system.

Additional info:
I get the same behaviour using rooted podman and rootless podman.
Comment 1 Lukas Vrabec 2019-07-16 07:35:39 UTC 
Hi Ira, 

This issue in udica is caused by new podman version (podman-1.4.0+). It's already fixed in fedora packages for udica are in updates-testing repository. Here is a update page: 
https://bodhi.fedoraproject.org/updates/FEDORA-2019-9b39f10dbe

You can install udica-0.1.8-1.fc30 using:
$ sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2019-9b39f10dbe


Feel free to add karma after testing this package. 

Thanks,
Lukas.
Comment 2 Fedora Update System 2019-07-16 07:41:15 UTC 
FEDORA-2019-9b39f10dbe has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-9b39f10dbe
Comment 3 Ira Malinich 2019-07-17 07:01:24 UTC 
The update works fine for me.  Karma was added.
Comment 4 Lukas Vrabec 2019-07-17 07:43:44 UTC 
Thanks for feedback.
Comment 5 Fedora Update System 2019-07-20 02:33:38 UTC 
udica-0.1.8-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.