diff --git a/yellow/install.packages b/yellow/install.packages
index e69de29..ae0f2ab 100644
--- a/yellow/install.packages
+++ b/yellow/install.packages
@@ -0,0 +1 @@
+app-containers/podman
diff --git a/yellow/linux.config b/yellow/linux.config
index 65b7a5f..a8fb662 100644
--- a/yellow/linux.config
+++ b/yellow/linux.config
@@ -54,3 +54,8 @@ CONFIG_SECURITY_NETWORK=y
 CONFIG_SECURITY_SELINUX=y
 CONFIG_DEFAULT_SECURITY_SELINUX=y
 # DEFAULT_SECURITY_DAC is not set
+
+CONFIG_POSIX_MQUEUE=y
+CONFIG_MEMCG=y
+CONFIG_CGROUP_PIDS=y
+CONFIG_BLK_CGROUP=y
diff --git a/yellow/overlay/etc/containers/policy.json b/yellow/overlay/etc/containers/policy.json
new file mode 100644
index 0000000..7ed16d6
--- /dev/null
+++ b/yellow/overlay/etc/containers/policy.json
@@ -0,0 +1,32 @@
+{
+ "default": [
+ {
+ "type": "insecureAcceptAnything"
+ }
+ ],
+ "transports": {
+ "docker": {
+ "registry.access.redhat.com": [
+ {
+ "type": "signedBy",
+ "keyType": "GPGKeys",
+ "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
+ }
+ ],
+ "registry.redhat.io": [
+ {
+ "type": "signedBy",
+ "keyType": "GPGKeys",
+ "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
+ }
+ ]
+ },
+ "docker-daemon": {
+ "": [
+ {
+ "type": "insecureAcceptAnything"
+ }
+ ]
+ }
+ }
+}
diff --git a/yellow/overlay/etc/containers/registries.conf b/yellow/overlay/etc/containers/registries.conf
new file mode 100644
index 0000000..bf4c657
--- /dev/null
+++ b/yellow/overlay/etc/containers/registries.conf
@@ -0,0 +1 @@
+unqualified-search-registries = ['docker.io', 'quay.io', 'registry.fedoraproject.org']
diff --git a/yellow/portage/target/etc/portage/package.use/iptables b/yellow/portage/target/etc/portage/package.use/iptables
new file mode 100644
index 0000000..98c61ad
--- /dev/null
+++ b/yellow/portage/target/etc/portage/package.use/iptables
@@ -0,0 +1 @@
+net-firewall/iptables conntrack nftables
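Review bot: The five options appended to yellow/linux.config carry no comment tying them to the podman addition; a header such as `# Container runtime (podman): cgroup controllers and POSIX mqueue` would keep them from being pruned later as unexplained. The hunk shows only the SELinux lines as context and the file continues outside it, so it is not visible whether `CONFIG_SECCOMP_FILTER`, `CONFIG_USER_NS` and `CONFIG_OVERLAY_FS` are already enabled. That is worth confirming, since podman's default seccomp profile and rootless operation depend on kernel support for them.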
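Review bot: The `default` entry in yellow/overlay/etc/containers/policy.json is `insecureAcceptAnything`, so any image outside the two Red Hat scopes is accepted with no signature check, including images from the docker.io, quay.io and registry.fedoraproject.org sources this commit lists in registries.conf. Prefer `"default": [{"type": "reject"}]` plus an explicit scope for each registry the system is meant to pull from, so that every trust decision is written down rather than implied. The two `signedBy` scopes point at `/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release`, which this commit does not add to the overlay; unless that file is provided elsewhere, pulls from those registries will presumably fail verification, so either ship the key or drop the scopes. Strict JSON has no comment syntax, so the rationale for whichever policy is chosen belongs in the commit message or an adjacent README.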
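Review bot: The new yellow/overlay/etc/containers/registries.conf lists three `unqualified-search-registries` without setting `short-name-mode`, so how a short image name is resolved is left to the built-in default and may fall through the list in order to a registry the operator did not intend. Add `short-name-mode = "enforcing"`, or leave the search list empty and require fully qualified image names. This matters more here because the policy.json added in the same commit accepts unsigned images from all three registries by default.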