- Bug
- Resolution: Won't Do
- Minor
- rhel-9.0.0
- Low
- rhel-sst-image-builder
- ssg_front_door
- x86_64
- 57,005
When building an image from a blueprint, I observed the following AVC denials in the logs:
```
$ sudo ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR
time->Tue Jul 19 14:23:26 2022
type=PROCTITLE msg=audit(1658255006.647:968): proctitle=2F7362696E2F73657466696C6573002D71002D63002F7661722F6C69622F73656C696E75782F66696E616C2F74617267657465642F706F6C6963792F706F6C6963792E3333002F7661722F6C69622F73656C696E75782F66696E616C2F74617267657465642F636F6E74657874732F66696C65732F66696C655F636F6E746578
type=PATH msg=audit(1658255006.647:968): item=0 name="/lib64/ld-linux-x86-64.so.2" inode=17930631 dev=fc:04 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1658255006.647:968): cwd="/"
type=EXECVE msg=audit(1658255006.647:968): argc=5 a0="/sbin/setfiles" a1="-q" a2="-c" a3="/var/lib/selinux/final/targeted/policy/policy.33" a4="/var/lib/selinux/final/targeted/contexts/files/file_contexts"
type=SYSCALL msg=audit(1658255006.647:968): arch=c000003e syscall=59 success=yes exit=0 a0=556ce2df2530 a1=556ce34ed6b0 a2=0 a3=2040 items=1 ppid=45226 pid=45227 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="setfiles" exe="/usr/sbin/setfiles" subj=system_u:system_r:install_t:s0 key=(null)
type=SELINUX_ERR msg=audit(1658255006.647:968): op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:install_t:s0 newcontext=system_u:system_r:setfiles_mac_t:s0
type=AVC msg=audit(1658255006.647:968): avc: denied
----
time->Tue Jul 19 14:24:01 2022
type=PROCTITLE msg=audit(1658255041.721:973): proctitle=726573746F7265636F6E002D2D002F746D702F696E697472616D66732E696D67
type=PATH msg=audit(1658255041.721:973): item=0 name="/lib64/ld-linux-x86-64.so.2" inode=17930631 dev=fc:04 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1658255041.721:973): cwd="/"
type=EXECVE msg=audit(1658255041.721:973): argc=3 a0="restorecon" a1="--" a2="/tmp/initramfs.img"
type=SYSCALL msg=audit(1658255041.721:973): arch=c000003e syscall=59 success=yes exit=0 a0=5600d6f8c8d0 a1=5600d6f766c0 a2=5600d6fda6a0 a3=8 items=1 ppid=45258 pid=56740 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:install_t:s0 key=(null)
type=SELINUX_ERR msg=audit(1658255041.721:973): op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:install_t:s0 newcontext=system_u:system_r:setfiles_mac_t:s0
type=AVC msg=audit(1658255041.721:973): avc: denied { nnp_transition nosuid_transition } for pid=56740 comm="dracut" scontext=system_u:system_r:install_t:s0 tcontext=system_u:system_r:setfiles_mac_t:s0 tclass=process2 permissive=0
```
Maybe something that needs to be fixed in selinux-policy, but reporting here first.
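As an added triage helper (not part of this bug report or of image builder), the following Python groups ausearch records by audit event serial and pulls out the denied bounded transitions shown above, including the truncated first AVC record; the sample records are constructed from the two events in the report, trimmed to the fields the parser reads.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the two events in the report above, trimmed to
# the fields the parser reads; the first event's AVC record is truncated as on the page.
SAMPLE = """\
type=SYSCALL msg=audit(1658255006.647:968): arch=c000003e syscall=59 success=yes exit=0 pid=45227 comm="setfiles" exe="/usr/sbin/setfiles" subj=system_u:system_r:install_t:s0 key=(null)
type=SELINUX_ERR msg=audit(1658255006.647:968): op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:install_t:s0 newcontext=system_u:system_r:setfiles_mac_t:s0
type=AVC msg=audit(1658255006.647:968): avc: denied
type=EXECVE msg=audit(1658255041.721:973): argc=3 a0="restorecon" a1="--" a2="/tmp/initramfs.img"
type=SYSCALL msg=audit(1658255041.721:973): arch=c000003e syscall=59 success=yes exit=0 pid=56740 comm="restorecon" exe="/usr/sbin/setfiles" subj=system_u:system_r:install_t:s0 key=(null)
type=SELINUX_ERR msg=audit(1658255041.721:973): op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:install_t:s0 newcontext=system_u:system_r:setfiles_mac_t:s0
type=AVC msg=audit(1658255041.721:973): avc: denied { nnp_transition nosuid_transition } for pid=56740 comm="dracut" scontext=system_u:system_r:install_t:s0 tcontext=system_u:system_r:setfiles_mac_t:s0 tclass=process2 permissive=0
"""

RECORD_RE = re.compile(r'^type=(?P<type>\w+) msg=audit\([\d.]+:(?P<serial>\d+)\): (?P<body>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value or key="quoted value"
PERMS_RE = re.compile(r'\{ ([^}]*) \}')          # the { perm ... } set in an AVC record

def parse_records(text):
    """Group raw ausearch records by audit event serial, keeping (type, fields) per record."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if not m:
            continue   # separator lines, "time->" headers, wrapped fragments
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m['body'])}
        perms = PERMS_RE.search(m['body'])
        fields['_perms'] = perms.group(1).split() if perms else []
        events[int(m['serial'])].append((m['type'], fields))
    return events

def summarize_transition_denials(text):
    """One summary per event whose SELINUX_ERR record is a denied bounded transition.
    'enforcing' is None when the AVC record is truncated and carries no permissive= field."""
    out = []
    for serial, records in sorted(parse_records(text).items()):
        by_type = dict(records)   # one record of each type per event here
        err = by_type.get('SELINUX_ERR', {})
        if err.get('op') != 'security_bounded_transition' or err.get('seresult') != 'denied':
            continue
        avc = by_type.get('AVC', {})
        out.append({
            'serial': serial,
            'exe': by_type.get('SYSCALL', {}).get('exe'),
            'old': err.get('oldcontext'), 'new': err.get('newcontext'),
            'perms': avc.get('_perms', []), 'tclass': avc.get('tclass'),
            'enforcing': None if 'permissive' not in avc else avc['permissive'] == '0',
        })
    return out
```

Run it against real `ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR` output to see which source and target domains the bounded-transition rule is refusing before deciding whether the fix belongs in the policy or in the caller.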