Bug 2027656

Summary: Udica crashes when processing inspect file without capabilities
Product: Red Hat Enterprise Linux 9 Reporter: Vit Mojzis <vmojzis>
Component: udicaAssignee: Vit Mojzis <vmojzis>
Status: CLOSED ERRATA QA Contact: Milos Malik <mmalik>
Severity: medium Docs Contact:
Priority: medium    
Version: 9.0CC: mmalik
Target Milestone: rcKeywords: AutoVerified, Triaged
Target Release: 9.0Flags: pm-rhel: mirror+
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: udica-0.2.6-4.el9 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 2027662 (view as bug list) Environment:
Last Closed: 2022-05-17 12:22:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2027662, 2076617, 2076666    

Description Vit Mojzis 2021-11-30 11:01:56 UTC 
Description of problem:
Udica crashes when processing inspect file without capabilities.

Version-Release number of selected component (if applicable):
udica-0.2.6-3.el9
udica-0.2.6-2.module+el8.6.0+12734+7d3a79c8.noarch

How reproducible:
Try to generate a policy for a container without any capabilities.

Steps to Reproduce:
# podman run docker.io/byte13/b13-k8s-audit-tools:latest
# podman ps -a | grep docker.io/byte13/b13-k8s-audit-tools:latest
<container_ID>  docker.io/byte13/b13-k8s-audit-tools:latest  /bin/sh     9 minutes ago   Exited (0) 9 minutes ago               elegant_archimedes
# podman inspect <container_ID> > i
# grep "EffectiveCaps" i
"EffectiveCaps": null,
# udica -j i test

Actual results:
Traceback (most recent call last):
  File "/usr/local/bin/udica", line 33, in <module>
    sys.exit(load_entry_point('udica==0.2.4', 'console_scripts', 'udica')())
  File "/usr/local/lib/python3.9/site-packages/udica-0.2.4-py3.9.egg/udica/__main__.py", line 216, in main
TypeError: 'NoneType' object is not iterable

Expected results:

Policy test created!

Please load these modules using: 
# semodule -i test.cil /usr/share/udica/templates/base_container.cil


Additional info:
https://github.com/containers/udica/issues/103
Comment 4 Vit Mojzis 2022-01-06 07:43:51 UTC 
https://src.osci.redhat.com/rpms/udica/pull-request/12
Comment 10 errata-xmlrpc 2022-05-17 12:22:53 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: udica), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2305