Fucking podman... Oh man. I have lost way too many hours dealing with podman.
It's frustrating, because they've put so much into it. It's close enough that vendors think they can get away with saying their containers are compatible and they've probably really honestly tested for brief periods and it really usually is close enough that you don't discover the differences until you're already very well established, but then it's just a little different and it takes you FOREVER to find out why but then the only option once you do find that out is to completely start over from scratch with docker. And, almost no vendor is going to treat them differently because if we talk to redhat, the first note we'll get back is that everything we're trying to do should be fully compatible and there should be no need to worry about that. And, then eventually after a few weeks, it's docker's fault that IT WORKS IN DOCKER AND NOT IN PODMAN. Docker needs to go fix it so it's broken for them too, it's not a bug for podman, the problem is with the one that's working.
I'm a bit traumatized, not always the same, but this isn't a singular occurrence.
I generally agree with you, but wasn't SELinux primarily the NSA and Tresys? I know it's a primarily Red Hat thing now, but I think it would have existed in some form without them.