Description of problem: udica does not properly parse the published ports from "podman inspect" for version 2.0 or greater podman Version-Release number of selected component (if applicable): udica-0.2.1-2 How reproducible: Always Steps to Reproduce: 1. run a podman container publishing network ports 2. create a policy with udica from the "podman inspect" output of the container 3. re-run the container specifying the new policy with "--security-opt" Actual results: The application in the container get permission errors on its network ports. ausearch shows AVC name_bind denials for the container's ports. Expected results: The application in the container should be able to access the network through its published ports. Additional info: The json output of "podman inspect" changed in version 2.0, and udica needs a change to deal with that. upstream pull request https://github.com/containers/udica/pull/61 fixes this. NOTE that this change makes 2.0 the minimum supported podman version for udica.
Hi Guy, Following update should fix that: https://bodhi.fedoraproject.org/updates/FEDORA-2020-59c7d8a64a Thanks, Lukas.
FEDORA-2020-59c7d8a64a has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-59c7d8a64a
FEDORA-2020-59c7d8a64a has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report.