I am having the same problem. This rule is blocking “docker run hello-world” from working:
rule=5 dec=deny_audit perm=open auid=-1 pid=2563591 exe=/ : path=/usr/lib64/libsseccomp.so.2.5.2 ftype=application/x-sharedlib trust=1
rule=5 dec=deny_audit perm=open auid=-1 pid=2563591 exe=/ : path=/usr/lib64/libc.so.6 ftype=application/x-sharedlib trust=1
(run fapolicyd --permissive --debug-deny)
These libraries are in the trust db. It has to do with this rule
deny_audit perm=any pattern=ld_so : all
I do not know too much about this but I think this is to block ld.so exploits. I am still puzzled what to do about this. It seems like that rule is necessary for STIGs.
OS: Almalinux 9.1 (5.14.0-162.23.1.e19_1.x86_64) with DISA STIG profile (no GUI).