SELinux should not be an issue if you stick to common directories and use :Z flag after the mount path with docker, afaik podman uses the same mechanism. There’s even a tool for selinux container policies: https://github.com/containers/udica
Regarding firewall stuff, disable it on your machine and you are fine. Port forwarding in containers is necessary to connect to services, now way around.
Ah and read this: https://stopdisablingselinux.com/
It has a reason why it exists.
Only thing I miss is proper support for some services I use. Minikube is afaik still a pain with podman, at least rootless. Gitlab runner still doesn’t support podman completely imho. But a plus to docker is that they still build packages for EL 7 while the podman version in EL 7 is pretty damn old. Besides from that I went podman all the way.
Oh it is not that much, I run adguard DNS with adblocking, searxng as my search engine, vaultwarden as my password manager. All combined with Argo CD as GitOps engine, nginx ingress with cert-manager for lets encrypt certificates, longhorn as storage layer and metallb as loadbalancer solution. I am planning to completely replace my current setup (which is an old sandy bridge powered HP microserver) with a turing pi 2 clusterboard with 4 RPi4 CMs as soon as they get cheaper.
I run k3s and all my stuff runs in it no need to deal with docker anymore.
I don’t but lots of people stick anyways to a single network with some kind of crappy router and from OPs post I assumed that OP doesn’t really care about security, see SELinux