Running PhotoPrism on Rocky Linux with podman and SELinux

By gill, 12 February, 2022

Install the tools (podman, plus the SELinux development headers needed to build the policy module below) and open the port PhotoPrism will listen on:

# dnf install podman policycoreutils-devel

# firewall-cmd --add-port=2342/tcp

Set the SELinux context on the pictures directory and apply it:

# semanage fcontext -a -t public_content_rw_t "/tank/data/pictures(/.*)?"
# restorecon -RvvF /tank/data/pictures

Make a policy module so the container domain may use that context (photoprism.te):

# photoprism.te: allow the container domain to manage public_content_rw_t
# files and user tmp files/dirs. The grant is to the type container_t, so it
# applies to every container running in that domain, not only to photoprism.
policy_module(photoprism, 1.0)
require {
        type container_t;
}
miscfiles_manage_public_files(container_t)
userdom_manage_tmp_dirs(container_t)
userdom_manage_tmp_files(container_t)

Build and load it from the directory holding photoprism.te:

# make -f /usr/share/selinux/devel/Makefile && semodule -i photoprism.pp

My database build ('secret' is a placeholder; the same value goes into PHOTOPRISM_DATABASE_PASSWORD in the run script):

-- 'photoprism'@'%' accepts this user from any host that can reach the server.
CREATE DATABASE photoprism
  CHARACTER SET = 'utf8mb4'
  COLLATE = 'utf8mb4_unicode_ci';
CREATE USER 'photoprism'@'%' IDENTIFIED BY 'secret';
GRANT ALL PRIVILEGES ON photoprism.* TO 'photoprism'@'%';
FLUSH PRIVILEGES;

My podman run script:

#!/bin/bash
# Runs PhotoPrism rootless. --userns=keep-id maps the invoking user to the same
# UID inside the container, so files in the bind-mounted originals keep their
# ownership. Values passed with -e are visible in shell history and in
# "podman inspect"; "secret" is a placeholder, and PHOTOPRISM_DATABASE_PASSWORD
# must match the password from the CREATE USER statement above.
# PHOTOPRISM_SITE_DESCRIPTION and PHOTOPRISM_SITE_AUTHOR are given without a
# value, so podman copies them from the host environment when set there.
podman run --name photoprism \
--userns=keep-id \
-p 2342:2342 \
-v /tank/data/pictures:/photoprism/originals \
-e PHOTOPRISM_ADMIN_PASSWORD=secret \
-e PHOTOPRISM_DEBUG=false \
-e PHOTOPRISM_SITE_URL=http://localhost:2342/ \
-e PHOTOPRISM_ORIGINALS_LIMIT=5000 \
-e PHOTOPRISM_HTTP_COMPRESSION=gzip \
-e PHOTOPRISM_HTTP_HOST=0.0.0.0 \
-e PHOTOPRISM_HTTP_PORT=2342 \
-e PHOTOPRISM_PUBLIC=false \
-e PHOTOPRISM_READONLY=false \
-e PHOTOPRISM_EXPERIMENTAL=false \
-e PHOTOPRISM_DARKTABLE_PRESETS=false \
-e PHOTOPRISM_DISABLE_CHOWN=false \
-e PHOTOPRISM_DISABLE_WEBDAV=false \
-e PHOTOPRISM_DISABLE_SETTINGS=false \
-e PHOTOPRISM_DISABLE_TENSORFLOW=false \
-e PHOTOPRISM_DISABLE_FACES=false \
-e PHOTOPRISM_DISABLE_CLASSIFICATION=false \
-e PHOTOPRISM_DETECT_NSFW=false \
-e PHOTOPRISM_JPEG_QUALITY=92 \
-e PHOTOPRISM_JPEG_SIZE=7680 \
-e PHOTOPRISM_UPLOAD_NSFW=true \
-e PHOTOPRISM_DATABASE_DRIVER=mysql \
-e PHOTOPRISM_DATABASE_SERVER=10.19.7.19:3306 \
-e PHOTOPRISM_DATABASE_NAME=photoprism \
-e PHOTOPRISM_DATABASE_USER=photoprism \
-e PHOTOPRISM_DATABASE_PASSWORD=secret \
-e PHOTOPRISM_SETTINGS_HIDDEN=false \
-e PHOTOPRISM_SIDECAR_JSON=true \
-e PHOTOPRISM_SIDECAR_YAML=true \
-e PHOTOPRISM_SITE_TITLE="PhotoPrism" \
-e PHOTOPRISM_SITE_CAPTION="BrowseYourLife" \
-e PHOTOPRISM_SITE_DESCRIPTION \
-e PHOTOPRISM_SITE_AUTHOR \
-e PHOTOPRISM_THUMB_FILTER=lanczos \
-e PHOTOPRISM_THUMB_UNCACHED=false \
-e PHOTOPRISM_THUMB_SIZE=2048 \
-e PHOTOPRISM_THUMB_SIZE_UNCACHED=7680 \
photoprism/photoprism:latest
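As an added check (example code written for this post, not part of it or of PhotoPrism), here is a small Python lint for a run script like the one above: it flags duplicate -e keys (the last one wins), -e entries given without a value (podman copies those from the host environment), passwords passed on the command line, and a PHOTOPRISM_DATABASE_PASSWORD that differs from the password in the CREATE USER statement. The embedded script and SQL are constructed samples.

```python
import re
import shlex

# Constructed sample input: a trimmed copy of the run script above that keeps
# a duplicate key, a valueless -e and a password mismatch on purpose.
RUN_SCRIPT = r"""#!/bin/bash
podman run --name photoprism \
-e PHOTOPRISM_ADMIN_PASSWORD=secret \
-e PHOTOPRISM_PUBLIC=false \
-e PHOTOPRISM_DATABASE_DRIVER=mysql \
-e PHOTOPRISM_DATABASE_DRIVER=mysql \
-e PHOTOPRISM_DATABASE_PASSWORD=mismatch \
-e PHOTOPRISM_SITE_AUTHOR \
-e PHOTOPRISM_SITE_TITLE="PhotoPrism" \
photoprism/photoprism:latest
"""
CREATE_USER_SQL = "CREATE USER 'photoprism'@'%' IDENTIFIED BY 'secret';"


def env_assignments(script):
    """Return [(key, value or None), ...] for every -e/--env, in command-line order."""
    joined = script.replace("\\\n", " ")  # undo backslash line continuations
    cmd = next(l for l in joined.splitlines() if l.lstrip().startswith("podman run"))
    toks = shlex.split(cmd)  # applies shell quoting, e.g. "PhotoPrism"
    pairs = []
    for i, tok in enumerate(toks):
        if tok in ("-e", "--env") and i + 1 < len(toks):
            key, sep, val = toks[i + 1].partition("=")
            pairs.append((key, val if sep else None))
    return pairs


def lint(script, create_user_sql):
    """Return human-readable findings about the environment given to podman run."""
    findings, env = [], {}
    for key, val in env_assignments(script):
        if key in env:
            findings.append(f"duplicate -e {key}: the last value wins")
        if val is None:  # podman fills such a variable from the host environment
            findings.append(f"-e {key} has no value and is copied from the host")
        elif key.endswith("PASSWORD"):
            findings.append(f"{key} is on the command line (shell history, podman inspect)")
        env[key] = val
    m = re.search(r"IDENTIFIED BY '([^']*)'", create_user_sql)
    if m and env.get("PHOTOPRISM_DATABASE_PASSWORD") not in (None, m.group(1)):
        findings.append("PHOTOPRISM_DATABASE_PASSWORD differs from the CREATE USER password")
    if env.get("PHOTOPRISM_PUBLIC") != "false":
        findings.append("PHOTOPRISM_PUBLIC is not false: no login is required")
    return findings
```

Feed it the real run script and CREATE USER statement to check a host before starting the container.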