Describe the bug
Custom policy created with udica blocks access to /dev/null
To Reproduce
Steps to reproduce the behavior:
create container with podman, create JSON file with podman inspect, feed JSON file to udica
create policy with udica, install the module with semodule -i ...
start container with additional parameter --security-opt label=type:POLICYNAME.process
Expected behavior
Container works as before, only a bit more protected in case of unusual behavior.
Additional context
Container does not start. Running podman start -i -a container returns: Couldn't open /dev/null: Permission denied
Running the container without --security-opt ... works without problem, thus I suspect that the generated policy is a bit too strict.