Udica, plus maybe ausearch | audit2allow -C, makes it easy to generate SELinux policies for containers (works great for me on RHEL10-like distros)

https://www.redhat.com/en/blog/generate-selinux-policies-con...