DISA STIG and Docker-CE

Is anyone using DISA STIG for RHEL Profiles and Docker-CE?

I keep receiving the following message:

OCI runtime create failed: copying bootstrap data to pipe caused \"write init-p: broken pipe\"": unknown

We would like to continue to use DISA STIG if possible.

Base Install: Docker works as expected.
CIS Benchmark Server #2: Docker works as expected.

OS: AlmaLinux 9.1

I narrowed it down to fapolicyd. Does anyone have experience with fapolicyd rules to enable Docker?

I am having the same problem. This rule is blocking “docker run hello-world” from working:
rule=5 dec=deny_audit perm=open auid=-1 pid=2563591 exe=/ : path=/usr/lib64/libsseccomp.so.2.5.2 ftype=application/x-sharedlib trust=1
rule=5 dec=deny_audit perm=open auid=-1 pid=2563591 exe=/ : path=/usr/lib64/libc.so.6 ftype=application/x-sharedlib trust=1

(run fapolicyd --permissive --debug-deny)

These libraries are in the trust db. It has to do with this rule:
deny_audit perm=any pattern=ld_so : all

I do not know too much about this, but I think this is to block ld.so exploits. I am still puzzled what to do about this. It seems like that rule is necessary for STIGs.

OS: AlmaLinux 9.1 (5.14.0-162.23.1.el9_1.x86_64) with DISA STIG profile (no GUI).
Docker: 23.0.4
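Added example (not code from either poster or from the fapolicyd project): a small parser for the `fapolicyd --permissive --debug-deny` lines quoted above. It groups denials by rule number, maps the number to the rule text, and flags the two things that matter when diagnosing this case: the denied libraries already carry trust=1, and the deciding rule is a pattern rule (`pattern=ld_so : all`) whose object side is `all`, so the trust database never enters the decision. The sample input is constructed from the two quoted lines plus one unrelated denial; the rule-number-to-text table is a stand-in for `fapolicyd-cli --list` output, and the assumption that rule 5 is the ld_so rule is taken from the reply above (real numbering depends on the order of files in /etc/fapolicyd/rules.d).

```python
"""Summarize fapolicyd deny events such as the ones quoted in the thread.

Added example, not code from the thread or from the fapolicyd project.
Feed it the output of `fapolicyd --permissive --debug-deny` on stdin and it
groups denials by rule number, shows which rule text the number maps to, and
flags denials of files that were already trusted (trust=1), which a pattern
rule such as `pattern=ld_so : all` produces regardless of the trust database.
"""
import re
import sys
from collections import defaultdict

# Constructed sample input: the two lines quoted in the thread plus one unrelated denial.
SAMPLE_DENIALS = """\
rule=5 dec=deny_audit perm=open auid=-1 pid=2563591 exe=/ : path=/usr/lib64/libsseccomp.so.2.5.2 ftype=application/x-sharedlib trust=1
rule=5 dec=deny_audit perm=open auid=-1 pid=2563591 exe=/ : path=/usr/lib64/libc.so.6 ftype=application/x-sharedlib trust=1
rule=12 dec=deny_audit perm=execute auid=1000 pid=4242 exe=/usr/bin/bash : path=/home/alice/tool.sh ftype=text/x-shellscript trust=0
"""

# Constructed stand-in for the compiled rule list (what `fapolicyd-cli --list` prints).
# Rule numbering on a real host depends on the order of files in /etc/fapolicyd/rules.d,
# so rule 5 being the ld_so rule is an assumption taken from the reply above.
SAMPLE_RULES = {
    5: "deny_audit perm=any pattern=ld_so : all",
    12: "deny_audit perm=any all : ftype=text/x-shellscript trust=0",
}

DENY_RE = re.compile(
    r"^rule=(?P<rule>\d+)\s+dec=(?P<dec>\S+)\s+perm=(?P<perm>\S+)\s+auid=(?P<auid>-?\d+)"
    r"\s+pid=(?P<pid>\d+)\s+exe=(?P<exe>\S+)\s+:\s+path=(?P<path>\S+)"
    r"\s+ftype=(?P<ftype>\S+)\s+trust=(?P<trust>[01])\s*$"
)


def parse_denials(text):
    """Return one dict per well-formed deny line; other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = DENY_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        for key in ("rule", "auid", "pid", "trust"):
            ev[key] = int(ev[key])
        events.append(ev)
    return events


def summarize(events, rules):
    """Group events by rule number and attach diagnostics useful when tuning rules."""
    by_rule = defaultdict(list)
    for ev in events:
        by_rule[ev["rule"]].append(ev)
    summary = {}
    for rule, evs in sorted(by_rule.items()):
        text = rules.get(rule, "<rule number not in supplied rule list>")
        summary[rule] = {
            "rule_text": text,
            "subjects": sorted({(ev["pid"], ev["exe"]) for ev in evs}),
            "paths": sorted({ev["path"] for ev in evs}),
            # Files that were trusted yet still denied: the deciding rule is not a trust rule.
            "trusted_denials": sum(1 for ev in evs if ev["trust"] == 1),
            # exe=/ means fapolicyd could not resolve the subject's executable path.
            "unresolved_exe": sum(1 for ev in evs if ev["exe"] == "/"),
            "pattern_rule": "pattern=" in text,
        }
    return summary


def explain(summary):
    """Render the summary as text, one block per rule."""
    out = []
    for rule, info in summary.items():
        out.append(f"rule={rule}: {info['rule_text']}")
        out.append(f"  subjects (pid, exe): {info['subjects']}")
        out.append(f"  denied paths: {info['paths']}")
        if info["trusted_denials"] and info["pattern_rule"]:
            out.append("  note: trusted files denied by a pattern rule; adding them to the "
                       "trust db will not change the decision")
        if info["unresolved_exe"]:
            out.append("  note: subject executable path unresolved (exe=/)")
    return "\n".join(out)


if __name__ == "__main__":
    # Pipe real debug-deny output in; with no piped input the constructed sample is used.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DENIALS
    print(explain(summarize(parse_denials(data), SAMPLE_RULES)))
```

Run it as `fapolicyd --permissive --debug-deny 2>&1 | python3 fapolicyd_denials.py` (the script name is a placeholder). The point of the `pattern_rule` flag is to stop a common misstep: adding the denied libraries to the trust db does nothing here, because the rule that fired is the ld_so pattern rule on the subject side, so any relief has to come from a subject-side rule placed before it rather than from trust changes.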