Closed guystreeter closed 4 years ago
Hi @guystreeter,
Can you share the versions of podman and udica?
It looks like there is a change in podman between 1.9 and 2.0.
@rhatdan, is there any change in the inspect JSON output?
Thanks, Lukas.
podman-2.0.3-1.fc32.x86_64
udica-0.2.1-2.fc32.noarch
Could be, some fields were changed to better match the inspect in Docker.
I tried adding "-e docker" and it looks like it enabled the ports. I'll test it later.
I tried the new policy generated with "-e docker" and it is working.
Describe the bug: I created a rootless pod for an application that listens on 9000 and 3483 tcp, and 3483 udp. Using the policy generated by udica, I get name_bind denials on all 3 ports.
To Reproduce
Expected behavior: The application should be able to listen on the published ports.
Additional context: This is the generated policy:
These are the AVC messages:
Re-running udica with these messages adds these lines to the policy:
With this revised policy, the application can operate successfully.