Add option to generate custom policy for a confined user #137
Cirrus CI / Test podman on Fedora
failed
Mar 1, 2024 in 6m 29s
Task Summary
Instruction test failed in 00:09
Details
✅ 00:00 clone
✅ 00:35 setup
✅ 05:32 build
❌ 00:09 test
[+0001s] usage: udica [confined_user] [-h] [-V] [-i CONTAINERID] [-j JSONFILE]
[+0001s] [--full-network-access] [--tty-access]
[+0001s] [--X-access] [--virt-access] [-s STREAMCONNECT]
[+0001s] [-l] [-c CAPS] [--devices DEVICES] [-d]
[+0001s] [-a FILEAVCS] [-e CONTAINERENGINE]
[+0001s] ContainerName
[+0001s]
[+0001s] Script generates SELinux policy for running container.
[+0001s]
[+0001s] positional arguments:
[+0001s] ContainerName Name for SELinux policy module
[+0001s]
[+0001s] options:
[+0001s] -h, --help show this help message and exit
[+0001s] -V, --version show program's version number and exit
[+0001s] -i CONTAINERID, --container-id CONTAINERID
[+0001s] Running container ID
[+0001s] -j JSONFILE, --json JSONFILE
[+0001s] Load json from this file, use "-j -" for stdin
[+0001s] --full-network-access
[+0001s] Allow container full Network access
[+0001s] --tty-access Allow container to read and write the controlling
[+0001s] terminal
[+0001s] --X-access Allow container to communicate with Xserver
[+0001s] --virt-access Allow container to communicate with libvirt
[+0001s] -s STREAMCONNECT, --stream-connect STREAMCONNECT
[+0001s] Allow container to stream connect with given SELinux
[+0001s] domain
[+0001s] -l, --load-modules Load templates and module created by this tool
[+0001s] -c CAPS, --caps CAPS List of capabilities, e.g "-c AUDIT_WRITE,CHOWN,DAC_OV
[+0001s] ERRIDE,FOWNER,FSETID,KILL,MKNOD,NET_BIND_SERVICE,NET_R
[+0001s] AW,SETFCAP,SETGID,SETPCAP,SETUID,SYS_CHROOT"
[+0001s] --devices DEVICES List of devices the container should have access to,
[+0001s] e.g "--devices /dev/dri/card0,/dev/dri/renderD128"
[+0001s] -d, --ansible Generate ansible playbook to deploy SELinux policy for
[+0001s] containers
[+0001s] -a FILEAVCS, --append-rules FILEAVCS
[+0001s] Append more SELinux allow rules from file
[+0001s] -e CONTAINERENGINE, --container-engine CONTAINERENGINE
[+0001s] Specify which container engine is used for the
[+0001s] inspected container (supports: podman, CRI-O, docker,
[+0001s] containerd)
[+0001s]
[+0001s] Additional options:
[+0001s] confined_user Generate policy for a new confined user instead of a container policy
[+0001s] + podman run -d -v /home:/home:ro -v /var/spool:/var/spool:rw -p 21:21 fedora sleep 1h # ./contrib/cirrus/test.sh:11 in main()
[+0001s] Resolved "fedora" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
[+0001s] Trying to pull registry.fedoraproject.org/fedora:latest...
[+0002s] Getting image source signatures
[+0002s] Copying blob sha256:718a00fe32127ad01ddab9fc4b7c968ab2679c92c6385ac6865ae6e2523275e4
[+0008s] Copying config sha256:368a084ba17dcba88f5b23acfa47481131010219524fd9c41af87d709a04845b
[+0008s] Writing manifest to image destination
[+0009s] Error: OCI runtime error: crun: unknown version specified
[14:11:22] END - [+0009s] total duration since START
Exit status: 126