Comment # 4 on bug 1208071 from Johannes Segitz

I now have the real fix. That leaves us with a couple of denials during boot:
Feb 20 08:59:54 localhost kernel: audit: type=1400 audit(1676883594.092:4):
avc:  denied  { relabelfrom } for  pid=670 comm="systemd-tmpfile" name="issue"
dev="vda3" ino=33751 scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:etc_t:s0 tclass=lnk_file permissive=0
Feb 20 08:59:54 localhost kernel: audit: type=1400 audit(1676883594.092:5):
avc:  denied  { relabelfrom } for  pid=670 comm="systemd-tmpfile"
name="resolv.conf" dev="vda3" ino=33785 scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:net_conf_t:s0 tclass=lnk_file permissive=0
Feb 20 08:59:54 localhost kernel: audit: type=1400 audit(1676883594.092:6):
avc:  denied  { relabelfrom } for  pid=670 comm="systemd-tmpfile"
name="yp.conf" dev="vda3" ino=33786 scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:etc_t:s0 tclass=lnk_file permissive=0
Feb 20 08:59:54 localhost kernel: audit: type=1400 audit(1676883594.096:7):
avc:  denied  { relabelfrom } for  pid=670 comm="systemd-tmpfile" name="mtab"
dev="vda3" ino=33752 scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:etc_t:s0 tclass=lnk_file permissive=0

Strangely the files end up with the correct permissions, will need to check
this further