Adjust for read-only containers
Now that https://git.autistici.org/ai3/float/-/merge_requests/160 has been merged, all the containers are effectively read-only now, and /run is on a tmpfs - your containers might need some tweaking for pidfiles etc, make sure 1) the container image has /run chmod 1777 2) if you need /run/something to exist, create it at startup time ("1" is a bit unfortunate but podman thinks /run is special and I can't seem to set a mode on the mount).
We need to see if things work with this new reality, and change things as necessary to make it work.