Describe the bug
Custom policy created with udica blocks access to /dev/null
To Reproduce
Steps to reproduce the behavior:
create container with podman, create json file with podman inspect, feed json file to udica
create policy with udica, install with module with semodule -i ...
start container with additional parameter --security-opt label=type:POLICYNAME.process
Expected behavior
Container works as before, only a bit more protected in case of unusual behavior.
Additional context
Container does not start. Running
podman start -i -a container returns Couldn't open /dev/null: Permission denied
Running the container without --security-opt ... works without problem, thus I suspect that the generated policy is a bit too strict.
Describe the bug Custom policy created with udica blocks access to /dev/null
To Reproduce Steps to reproduce the behavior:
podman inspect, feed json file to udicasemodule -i ...--security-opt label=type:POLICYNAME.processExpected behavior Container works as before, only a bit more protected in case of unusual behavior.
Additional context Container does not start. Running
podman start -i -a containerreturnsCouldn't open /dev/null: Permission deniedRunning the container without--security-opt ...works without problem, thus I suspect that the generated policy is a bit too strict.