containers / udica

This repository contains a tool for generating SELinux security profiles for containers
GNU General Public License v3.0

While creating udica policy, getting error "Couldn't create policy: [Errno 2] No such file or directory" #134

Status: Closed (by skale-godaddy, 10 months ago)

skale-godaddy commented 10 months ago

Describe the bug

While generating a udica SELinux policy for the nginx-unit container on an AlmaLinux 9 host OS, I get the following error. It does NOT give this error while generating a udica policy for all the other containers; only nginx-unit fails.

To Reproduce

Steps to reproduce the behavior:

```
docker inspect <nginx-unit container id> | udica nginx_container
Couldn't create policy: [Errno 2] No such file or directory
```

Expected behavior

```
docker inspect <nginx-unit container id> | udica nginx_container
Policy nginx_container created!

Please load these modules using:
# semodule -i nginx_container.cil /usr/share/udica/templates/base_container.cil

Restart the container with: "--security-opt label=type:nginx_container.process" parameter
```


wrabcak commented 10 months ago

Hello @skale-godaddy, can you please share the docker inspect JSON file which is failing?

Thanks, Lukas.

skale-godaddy commented 10 months ago

> Hello @skale-godaddy, can you please share the docker inspect JSON file which is failing?
>
> Thanks, Lukas.

Hi Lukas, I emailed you the zip file. Please check and advise.

Thanks,

Santosh

vmojzis commented 10 months ago

Hi Santosh, could you please share the JSON file using https://pastebin.com/ or attach it directly here? I tried to reproduce the issue with the file you sent via email, but it was encoded as RTF, which udica does not support. After converting it to plain text (using https://convertio.co/rtf-txt/), udica worked just fine (see the attached JSON; the converter removed all whitespace, so it is hard to read). (attachment: nginx.json)

skale-godaddy commented 10 months ago

> Hi Santosh, could you please share the JSON file using https://pastebin.com/ or attach it directly here? I tried to reproduce the issue with the file you sent via email, but it was encoded as RTF, which udica does not support. After converting it to plain text (using https://convertio.co/rtf-txt/), udica worked just fine (see the attached JSON; the converter removed all whitespace, so it is hard to read). (attachment: nginx.json)

Hi @vmojzis, I have attached the nginx-unit container JSON file here. (attachment: nginx_unit_container.json)

Hope it helps.

vmojzis commented 10 months ago

This issue is already fixed in https://github.com/containers/udica/releases/tag/v0.2.7.

skale-godaddy commented 10 months ago

> This issue is already fixed in https://github.com/containers/udica/releases/tag/v0.2.7.

Thanks, Vit, for your reply on this issue. Can you please let me know the exact steps to follow using https://github.com/containers/udica/releases/tag/v0.2.7, and what to do with the version of udica already installed on my VM? Are you suggesting that I install udica v0.2.7? Can you please let me know what you found wrong in the container JSON file I shared with you?

vmojzis commented 10 months ago

@skale-godaddy There is nothing wrong with the JSON file. The version of udica you are using has a bug where it does not handle some file context definitions properly, which causes it to crash when processing the "mounts" specified in your JSON file. The proper way to get the latest udica release on your machine would probably be to contact AlmaLinux 9 support and request that they update the udica RPM to the v0.2.7 release.
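Two things in this thread cost the reporter time: the first file sent was RTF rather than JSON, and the crash was tied to how the mounts in the inspect output were handled. The script below is an added example, not udica's own code and not part of this issue; it is a small pre-flight check a practitioner can run on `docker inspect` output before piping it to udica. It assumes the standard `docker inspect` layout (a JSON list of container objects, each with a `Mounts` list carrying `Type`, `Source`, `Destination`, `Mode` and `RW`), rejects RTF or otherwise non-JSON input with a clear message, and lists every mount together with whether its host-side source path exists. A missing source path is one plausible way for a tool that looks up file contexts to hit `[Errno 2] No such file or directory`; the thread does not confirm that this was the cause here, so treat the check as a diagnostic aid, not a reproduction of the bug. The sample inspect document is constructed for illustration.

```python
"""Pre-flight check for `docker inspect` JSON before feeding it to udica.

Added example (not udica project code). Assumes the standard docker inspect
layout: a list of container objects with a "Mounts" list. SAMPLE_INSPECT is a
constructed document, not output captured from the reporter's host.
"""
import json
import os
from typing import Any, Callable

# Constructed sample: a read-only bind mount, a named volume with the "z"
# relabel flag, and a writable bind mount whose host path does not exist.
SAMPLE_INSPECT = json.dumps([{
    "Id": "0123456789abcdef",
    "Name": "/nginx-unit",
    "Mounts": [
        {"Type": "bind", "Source": "/etc", "Destination": "/host-etc",
         "Mode": "ro", "RW": False},
        {"Type": "volume", "Name": "unit-state",
         "Source": "/var/lib/docker/volumes/unit-state/_data",
         "Destination": "/var/lib/unit", "Mode": "z", "RW": True},
        {"Type": "bind", "Source": "/srv/missing-config",
         "Destination": "/docker-entrypoint.d", "Mode": "", "RW": True},
    ],
}])


def parse_inspect(text: str) -> list:
    """Parse docker inspect output; reject RTF or anything not a JSON list of objects."""
    if text.lstrip().startswith("{\\rtf"):
        raise ValueError("input is RTF, not JSON: save the docker inspect output as plain text")
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"input is not valid JSON: {exc}") from exc
    if not isinstance(data, list) or not all(isinstance(c, dict) for c in data):
        raise ValueError("expected a JSON list of container objects (docker inspect format)")
    return data


def summarize_mounts(containers: list, exists: Callable[[str], bool] = os.path.exists) -> list:
    """One record per mount: type, host source, container destination, writability,
    relabel mode, and whether the host source is present. `exists` is injectable so
    the check can be exercised without touching the real filesystem."""
    records: list[dict[str, Any]] = []
    for container in containers:
        name = container.get("Name") or container.get("Id", "?")
        for mount in container.get("Mounts", []):
            source = mount.get("Source", "")
            records.append({
                "container": name,
                "type": mount.get("Type", "?"),
                "source": source,
                "destination": mount.get("Destination", "?"),
                "writable": bool(mount.get("RW", False)),
                "mode": mount.get("Mode", ""),
                "source_exists": bool(source) and exists(source),
            })
    return records


def missing_sources(records: list) -> list:
    """Mounts whose host-side source path is absent: the first thing to check when a
    policy generator fails with ENOENT while walking the container's mounts."""
    return [r for r in records if not r["source_exists"]]


def report(text: str, exists: Callable[[str], bool] = os.path.exists) -> list:
    """Parse, summarise and print; returns the list of mounts with missing sources."""
    records = summarize_mounts(parse_inspect(text), exists)
    for r in records:
        flag = "" if r["source_exists"] else "  <-- host path missing"
        rw = "rw" if r["writable"] else "ro"
        print(f"{r['container']}: {r['type']} {r['source']} -> {r['destination']} "
              f"[{rw}{', ' + r['mode'] if r['mode'] else ''}]{flag}")
    return missing_sources(records)


if __name__ == "__main__":
    # Pretend only the first two host paths exist, so the sample shows one warning.
    present = {"/etc", "/var/lib/docker/volumes/unit-state/_data"}
    missing = report(SAMPLE_INSPECT, exists=lambda p: p in present)
    print(f"{len(missing)} mount(s) with missing host source")
```

Run it as `docker inspect <container id> | python3 check_inspect.py` after replacing the sample with `sys.stdin.read()`; with the real `os.path.exists` it reports which bind-mount sources are actually present on the host, and the RTF guard turns the thread's "wrong encoding" detour into an immediate, specific error.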

atgreen commented 9 months ago

@vmojzis, what about getting this into CentOS Stream 9 / RHEL 9?

vmojzis commented 9 months ago

@atgreen The new version should be available in CentOS Stream 9 now: https://kojihub.stream.centos.org/koji/buildinfo?buildID=41752