(In reply to G.M. Venekamp from comment #2)
> Using podman 3.2.0 and starting the docker API as a regular user, i.e.
> systemctl --user start podman yields the same issues that SELinux forbids
> reading /run/user/1000/podman/podman.sock The socket is readable from
> outside a container, but from the inside SELinux is preventing access to it.

That's exactly what SELinux should do and is designed for, so everything is working. Accessing the podman.sock from inside a container is really dangerous security-wise. If you really need that, you need to learn SELinux and adjust the policy for your use case (or look if somebody already has a solution documented somewhere). But we will not allow this by default.