Fix capability allow rules when capabilities are specified in JSON file

Podman provides capabilities in inspected JSON file, this patch fixin
the issue.

udica/__main__.py

@@ -84,17 +84,17 @@ def main():
         except:
             exit(2)
 
+    container_inspect = parse_inspect(container_inspect_data)
+    container_mounts = container_inspect[0]['Mounts']
+    container_ports = container_inspect[0]['NetworkSettings']['Ports']
+
     if opts['Caps']:
         if opts['Caps'] == 'None':
             container_caps = []
         else:
             container_caps = opts['Caps'].split(',')
     else:
-            container_caps = []
-
-    container_inspect = parse_inspect(container_inspect_data)
-    container_mounts = container_inspect[0]['Mounts']
-    container_ports = container_inspect[0]['NetworkSettings']['Ports']
+        container_caps = container_inspect[0]['EffectiveCaps']
 
     create_policy(opts, container_caps, container_mounts, container_ports)
 

udica/policy.py

@@ -103,7 +103,11 @@ def create_policy(opts,capabilities,mounts,ports):
     if capabilities:
         caps=''
         for item in capabilities:
-            caps = caps + perms.cap[item]
+            # Capabilities parsed from podman inspection JSON file have prefix "CAP_", this should be removed
+            if "CAP_" in item:
+                caps = caps + perms.cap[item[4:]]
+            else:
+                 caps = caps + perms.cap[item]
 
         policy.write('    (allow process process ( capability ( ' + caps  + '))) \n')
         policy.write('\n')