Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CentOS Stream 8, udica returns errors when building CIL... #103

Closed
byte13 opened this issue Oct 16, 2021 · 8 comments
Closed

CentOS Stream 8, udica returns errors when building CIL... #103

byte13 opened this issue Oct 16, 2021 · 8 comments

Comments

@byte13
Copy link

byte13 commented Oct 16, 2021
edited

Describe the bug
When running udica, the following error is returned :
Traceback (most recent call last):
File "/usr/bin/udica", line 11, in
load_entry_point('udica==0.2.6', 'console_scripts', 'udica')()
File "/usr/lib/python3.6/site-packages/udica/main.py", line 216, in main
container_caps = sorted(engine_helper.get_caps(container_inspect, opts))
TypeError: 'NoneType' object is not iterable

To Reproduce
Steps to reproduce the behavior:

  1. podman inspect f8d0cb6c653e >b13test.json
  2. udica -j b13test.json b13test
  3. Aforementioned output is displayed

Expected behavior
Expected output :
Policy b13test with container id f8d0cb6c653e created!

Additional context
See b13test.json as attached file
b13test.zip

$ podman version
Version: 4.0.0-dev
API Version: 4.0.0-dev
Go Version: go1.16.7
Built: Thu Sep 30 17:17:20 2021
OS/Arch: linux/amd64

$ udica --version
0.2.6

$ more /etc/os-release
NAME="CentOS Stream"
VERSION="8"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Stream 8"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://centos.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_SUPPORT_PRODUCT_VERSION="CentOS Stream"
@byte13 byte13 changed the title CentOS 8 Stream, udica returns errors when building CIL... CentOS Stream 8, udica returns errors when building CIL... Oct 16, 2021
@mavit
Copy link

mavit commented Nov 5, 2021

I see essentially the same error on Fedora 35.

@mavit
Copy link

mavit commented Nov 5, 2021 

> podman inspect ... | grep EffectiveCaps
        "EffectiveCaps": null,

vmojzis added a commit to vmojzis/udica that referenced this issue Nov 9, 2021
@vmojzis
Make sure each section of the inspect exists before accessing
b00e403 
Fixes: containers#105,
       containers#103

Inspired by:
WellIDKRealy@0c56d98

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
@vmojzis
Copy link
Collaborator

vmojzis commented Nov 10, 2021

Thank you for reporting the issue, the following patch should fix it: #106

vmojzis added a commit that referenced this issue Nov 11, 2021
@vmojzis
Make sure each section of the inspect exists before accessing
dd05dbe 
Fixes: #105,
       #103

Inspired by:
WellIDKRealy@0c56d98

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
@vmojzis
Copy link
Collaborator

vmojzis commented Feb 28, 2022

@byte13 @mavit Can you please confirm that the following patch fixes your issue (it's present in udica-0.2.6-2 and newer on Fedora)?
dd05dbe

@mavit
Copy link

mavit commented Mar 1, 2022
edited

Yes, udica-0.2.6-3.fc36 seems to work for me on Fedora 35. Thanks.

@byte13
Copy link
Author

byte13 commented Mar 5, 2022
edited

@vmojzis
Sorry for the late answer and many thank's for the follow-up.

Yes it works now :

$ more /etc/os-release
NAME="Rocky Linux"
VERSION="8.5 (Green Obsidian)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Rocky Linux 8.5 (Green Obsidian)"

$ udica -V
0.2.6

$ udica -j etcd.json etcd

Policy etcd created!

Please load these modules using:
semodule -i etcd.cil /usr/share/udica/templates/base_container.cil

Restart the container with: "--security-opt label=type:etcd.process" parameter

Many thank's again and best regards !

@vmojzis
Copy link
Collaborator

vmojzis commented Apr 29, 2022

Thank you for the testing. Closing.

@vmojzis vmojzis closed this as completed Apr 29, 2022
@deeplow
Copy link

deeplow commented Aug 30, 2022
edited

Fedora 35 still doesn't have udica 0.2.7, which I think has this fix. So I solved it by editing the .json like this:

-     "EffectiveCaps": null,
-     "BoundingCaps": null,
+     "EffectiveCaps": [],
+     "BoundingCaps": [],

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mavit @vmojzis @byte13 @deeplow