ansible-slurm-appliance
Podman doesn't work with SELinux disabled
Fails on this, which is the first podman command. Output from the same shell command:
# sudo -u podman podman system reset --force
ERRO[0000] running `/bin/newuidmap 86262 0 1002 1 1 231072 65536`: newuidmap: write to uid_map failed: Operation not permitted
Error: cannot setup namespace using "/bin/newuidmap": should have setuid or have filecaps setuid: exit status 1
On system with selinux disabled:
# getcap /usr/bin/newuidmap /usr/bin/newgidmap
#
On system with selinux in permissive mode (appliance default):
[root@demo-control rocky]# getcap /usr/bin/newuidmap /usr/bin/newgidmap
/usr/bin/newuidmap cap_setuid=ep
/usr/bin/newgidmap cap_setgid=ep
Fix on selinux-disabled system is to run:
# chmod 4755 /usr/bin/newgidmap
# chmod 4755 /usr/bin/newuidmap
Probably this role should check if those files have either setuid or filecaps, and set the former if selinux=disabled. Logic needs some care though.
Relevant thread: https://github.com/containers/podman/issues/2788
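
One way to express the check suggested in the issue, as an added example that is not part of the issue or of the appliance's role. The function names `helper_ok`, `check_helper` and `report` are hypothetical, GNU `stat` and libcap's `getcap` are assumed, and the script only reports state without changing any file mode.

```shell
#!/bin/sh
# Added example (not from the issue or the appliance's role).

# helper_ok MODE OWNER_UID GETCAP_OUTPUT REQUIRED_CAP
# Succeeds if the binary is setuid root, or if its file capabilities include
# REQUIRED_CAP with both the effective (e) and permitted (p) flags.
# Assumption: GETCAP_OUTPUT holds a single clause such as "cap_setuid=ep".
helper_ok() {
    mode=$1; owner=$2; caps=$3; need=$4
    # 04000 is the setuid bit; it only grants root's rights if root owns the file.
    if [ "$owner" = "0" ] && [ $(( 0$mode & 04000 )) -ne 0 ]; then
        return 0
    fi
    case "$caps" in
        *"$need"*) ;;
        *) return 1 ;;
    esac
    # Flags follow the last '=' or '+' ("cap_setuid=ep", "= cap_setuid+ep").
    flags=${caps##*[=+]}
    case "$flags" in *e*) ;; *) return 1 ;; esac
    case "$flags" in *p*) ;; *) return 1 ;; esac
    return 0
}

# check_helper PATH REQUIRED_CAP: gather real state with stat(1) and getcap(8).
check_helper() {
    path=$1; need=$2
    mode=$(stat -c '%a' "$path") || return 2
    owner=$(stat -c '%u' "$path") || return 2
    caps=$(getcap "$path" 2>/dev/null) || caps=""
    helper_ok "$mode" "$owner" "$caps" "$need"
}

# report: print the state of both helpers named in the issue.
report() {
    rc=0
    for pair in /usr/bin/newuidmap:cap_setuid /usr/bin/newgidmap:cap_setgid; do
        if check_helper "${pair%%:*}" "${pair##*:}"; then
            echo "ok: ${pair%%:*}"
        else
            echo "MISSING setuid/filecap: ${pair%%:*}"; rc=1
        fi
    done
    return $rc
}

# Run the report only when asked, e.g. `sh check_idmap.sh --report`.
if [ "${1:-}" = "--report" ]; then report; fi
```

A non-zero result from `report` corresponds to the state shown above for the SELinux-disabled system, where `getcap` prints nothing and, per the podman error, the helpers are not setuid either.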