diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego
index 648eb1c44c..907f18830b 100644
--- a/src/tools/genpolicy/rules.rego
+++ b/src/tools/genpolicy/rules.rego
@@ -550,9 +550,10 @@ allow_env(p_process, i_process, s_name) {
 print("allow_env: p env =", p_process.Env)
 print("allow_env: i env =", i_process.Env)
- every i_var in i_process.Env {
- allow_var(p_process, i_process, i_var, s_name)
- }
+ # TODO: re-enable after fixing https://github.com/kata-containers/kata-containers/issues/9239.
+ # every i_var in i_process.Env {
+ # allow_var(p_process, i_process, i_var, s_name)
+ # }
 print("allow_env: true")
 }
diff --git a/src/tools/genpolicy/src/registry.rs b/src/tools/genpolicy/src/registry.rs
index 6009dad6e4..13e0bf2276 100644
--- a/src/tools/genpolicy/src/registry.rs
+++ b/src/tools/genpolicy/src/registry.rs
@@ -41,7 +41,7 @@ struct DockerConfigLayer {
 struct DockerImageConfig {
 User: Option,
 Tty: Option,
- Env: Vec,
+ Env: Option>,
 Cmd: Option>,
 WorkingDir: Option,
 Entrypoint: Option>,
@@ -159,8 +159,10 @@ impl Container {
 process.Terminal = false;
 }
- for env in &docker_config.Env {
- process.Env.push(env.clone());
+ if let Some(config_env) = &docker_config.Env {
+ for env in config_env {
+ process.Env.push(env.clone());
+ }
 }
 let policy_args = &mut process.Args;
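Review bot: `allow_env` has no remaining condition once the `every i_var in i_process.Env` loop is commented out, so the rule accepts whatever environment the request carries, and neither the TODO nor the trace output says that. I would state the consequence next to the TODO, e.g. `# SECURITY: env vars in the request are NOT verified against the policy while this check is disabled.`, and change the final trace to `print("allow_env: true (env var verification disabled)")` so a reader of the policy logs does not take it for a passed check. If the linked issue only affects some inputs, narrowing the bypass to those would be preferable to switching the check off for every container; the hunk does not show enough to tell. The rule body begins above the hunk.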
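Review bot: The nested `if let` / `for` in the last `registry.rs` hunk can be a single expression, `process.Env.extend(docker_config.Env.iter().flatten().cloned());`, which removes two levels of nesting. This assumes the field is an `Option` of a `Vec` of clonable strings, which the type parameters missing from this page do not confirm. A short comment such as `// Env may be absent from the image config` above it would also record why the field became optional. The enclosing function starts and ends outside the hunk.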