specifically, the hooks patch.
then see https://developers.redhat.com/blog/2016/09/13/running-system... (i.e. 4 years ago when I built containers to do this)
though of course as you note they now say to use podman https://developers.redhat.com/blog/2019/04/24/how-to-run-sys...