containers / udica

This repository contains a tool for generating SELinux security profiles for containers
GNU General Public License v3.0

port ranges are not supported #16

Closed janzarsky closed 5 years ago

janzarsky commented 5 years ago

Describe the bug

When running udica on a container with ports that are part of a range, it crashes. For example, port 8612 is part of the range 8610-8614.

To Reproduce

Steps to reproduce the behavior:

  1. podman run -p 8612 fedora bash
  2. udica -i my_container

```
Traceback (most recent call last):
  File "/usr/bin/udica", line 11, in <module>
    load_entry_point('udica==0.1.4', 'console_scripts', 'udica')()
  File "/usr/lib/python3.7/site-packages/udica/main.py", line 107, in main
    create_policy(opts, container_caps, container_mounts, container_ports)
  File "/usr/lib/python3.7/site-packages/udica/policy.py", line 118, in create_policy
    policy.write(' (allow process ' + list_ports(item['hostPort']) + ' ( ' + perms.socket[item['protocol']] + ' ( name_bind ))) \n')
TypeError: can only concatenate str (not "NoneType") to str
```

Expected behavior

no traceback

Additional context

```
$ seinfo --portcon 8612

Portcon: 5
    portcon sctp 1024-65535 system_u:object_r:unreserved_port_t:s0
    portcon tcp 1024-32767 system_u:object_r:unreserved_port_t:s0
    portcon tcp 8610-8614 system_u:object_r:ipp_port_t:s0
    portcon udp 1024-32767 system_u:object_r:unreserved_port_t:s0
    portcon udp 8610-8614 system_u:object_r:ipp_port_t:s0
```

The same thing happens when running with a port that has no context, for example 35000.
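A range-aware port lookup that never returns `None`, covering both failing cases in the report (a port inside a range, and a port with no context). This is an added example, not udica's code or its eventual fix. The function names, the narrowest-range-wins rule and the `port_t` fallback type are assumptions of the example.

```python
import re

# Constructed sample: the portcon lines quoted in the report above.
SAMPLE_PORTCON = """\
Portcon: 5
    portcon sctp 1024-65535 system_u:object_r:unreserved_port_t:s0
    portcon tcp 1024-32767 system_u:object_r:unreserved_port_t:s0
    portcon tcp 8610-8614 system_u:object_r:ipp_port_t:s0
    portcon udp 1024-32767 system_u:object_r:unreserved_port_t:s0
    portcon udp 8610-8614 system_u:object_r:ipp_port_t:s0
"""

# "portcon <proto> <low>[-<high>] <user>:<role>:<type>:<level>"
PORTCON_RE = re.compile(r"^\s*portcon\s+(\w+)\s+(\d+)(?:-(\d+))?\s+(\S+)")

# Socket class per protocol, used only to build the example rule.
SOCKET_CLASS = {"tcp": "tcp_socket", "udp": "udp_socket", "sctp": "sctp_socket"}

def parse_portcon(text):
    """Return (protocol, low, high, type) tuples from portcon statements."""
    entries = []
    for line in text.splitlines():
        m = PORTCON_RE.match(line)
        if not m:
            continue  # skips headers such as "Portcon: 5" and blank lines
        proto, low, high, context = m.groups()
        low = int(low)
        high = int(high) if high else low  # a single port is a range of one
        entries.append((proto, low, high, context.split(":")[2]))
    return entries

def port_type(entries, port, protocol, default="port_t"):
    """Type for port/protocol: narrowest covering range wins (assumption).
    Falls back to `default` (assumed type name) instead of returning None."""
    matches = [(high - low, setype) for proto, low, high, setype in entries
               if proto == protocol and low <= port <= high]
    return min(matches)[1] if matches else default

def bind_rule(entries, port, protocol):
    """CIL name_bind rule in the shape of the one shown in the traceback."""
    return "(allow process {} ( {} ( name_bind )))".format(
        port_type(entries, port, protocol), SOCKET_CLASS[protocol])

ENTRIES = parse_portcon(SAMPLE_PORTCON)

if __name__ == "__main__":
    for port in (8612, 35000):
        print(port, bind_rule(ENTRIES, port, "tcp"))
```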