Yes, the firewall rule altering was what drove us to podman! Was kind of weird to find a container's Postgres wide open on 5432 after a `sudo ufw default deny`. Madness really.

But as said below, the permissions issues got to us.