diff --git a/tests/test_basic.oci.cil b/tests/test_basic.oci.cil
index ccca30f..a7a5bcd 100644
--- a/tests/test_basic.oci.cil
+++ b/tests/test_basic.oci.cil
@@ -4,6 +4,7 @@
  (allow process process ( capability ( audit_write chown dac_override fowner fsetid kill mknod net_bind_service net_raw setfcap setgid setpcap setuid sys_chroot )))
  (allow process ftp_port_t ( tcp_socket ( name_bind )))
+ (blockinherit home_container)
  (allow process var_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
  (allow process var_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
  (allow process var_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
@@ -392,5 +393,4 @@
  (allow process var_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
  (allow process var_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
  (allow process var_spool_t ( sock_file ( append getattr open read write )))
- (blockinherit home_container)
-)
\ No newline at end of file
+)
diff --git a/udica/__main__.py b/udica/__main__.py
index 37f680f..d72a4b4 100644
--- a/udica/__main__.py
+++ b/udica/__main__.py
@@ -213,7 +213,7 @@ def main():
     container_caps = []
-    container_caps = engine_helper.get_caps(container_inspect, opts)
+    container_caps = sorted(engine_helper.get_caps(container_inspect, opts))
     try:
         create_policy(
diff --git a/udica/policy.py b/udica/policy.py
index a47dbc5..66b0062 100644
--- a/udica/policy.py
+++ b/udica/policy.py
@@ -149,7 +149,7 @@ def create_policy(
     policy.write("\n")
     # ports
-    for item in ports:
+    for item in sorted(ports, key=lambda x: x.get("portNumber", 0)):
         if "portNumber" in item:
             policy.write(
                 " (allow process "
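Review bot: The `container_caps = []` initialisation on the context line above the change is unconditionally overwritten by the new `sorted(...)` assignment, so it only looks like a fallback; either drop it or make it meaningful. If `engine_helper.get_caps()` can return `None` for a container with no capabilities (its body is not visible here, so this is a guess), `sorted(None)` raises `TypeError` where the old plain assignment did not, and `container_caps = sorted(engine_helper.get_caps(container_inspect, opts) or [])` keeps the empty-list fallback in play. Sorting the capability list is worthwhile for a generated SELinux policy, since reviewers diff the output file, and the same normalisation is applied to ports, mounts and devices in the policy.py hunks. `main()` continues outside the hunk.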
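Review bot: The ports key `x.get("portNumber", 0)` is the only one of the four new sort keys that does not normalise its value, so if `portNumber` arrives as an `int` for one entry and a `str` for another (the engine inspect shape is not visible here), `sorted()` raises `TypeError` before any port rule is written. `key=lambda x: int(x.get("portNumber", 0))` keeps numeric ordering and matches the `str(...)` normalisation used in the mounts and devices keys, assuming the value is always numeric. Entries with the same port number stay in input order under the stable sort, so if a port entry also carries a protocol field, adding it to the key would make the port block fully reproducible between runs. `create_policy()` starts and continues outside the hunk.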
@@ -194,7 +194,7 @@ def create_policy(
 def write_policy_for_crio_mounts(mounts, policy):
-    for item in mounts:
+    for item in sorted(mounts, key=lambda x: str(x["hostPath"])):
         if item["hostPath"].startswith("/var/lib/kubelet"):
             # These should already have the right context
             continue
@@ -295,7 +295,7 @@ def write_policy_for_crio_mounts(mounts, policy):
 def write_policy_for_podman_devices(devices, policy):
-    for item in devices:
+    for item in sorted(devices, key=lambda x: str(x["PathOnHost"])):
         contexts = list_contexts(item["PathOnHost"])
         for context in contexts:
             policy.write(
@@ -315,7 +315,7 @@ def write_policy_for_podman_devices(devices, policy):
 def write_policy_for_podman_mounts(mounts, policy):
-    for item in mounts:
+    for item in sorted(mounts, key=lambda x: str(x["Source"])):
         if not item["Source"].find("/"):
             if item["Source"] == LOG_CONTAINER and item["RW"] is False:
                 policy.write(" (blockinherit log_container)\n")
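Review bot: The new sort key in this hunk, and likewise in the `write_policy_for_podman_devices` and `write_policy_for_podman_mounts` hunks below, orders only by the host-side path, so two entries sharing a path (the same directory mounted twice with different destinations or RW flags, for instance) keep their input order under the stable sort and the generated policy can still differ between runs. A tuple key with a tie-breaker closes that gap, e.g. for the podman mounts `key=lambda x: (str(x["Source"]), str(x.get("Destination", "")), str(x.get("RW", "")))`, and the CRI-O key could add the container-side path the same way. `str(x["hostPath"])` now raises `KeyError` for an entry lacking that key before the loop body runs, where previously the body would have failed at the same access on its own iteration — not a new failure, but it now fires up front for every entry rather than after earlier entries were written. Each of the three loop bodies continues past its hunk.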