That was really useful. I had already added a gpio group on the base os,
and a udev rule to set /dev/gpiochip0 to use that group - equivalent of
your permission to 666 - and that's given me full access to the gpio
from the container.
I'll now have to look at what label=disable is doing, and whether this is the
"right way" to access gpio as non root podman.
Many thanks,
Paul