79632828

Date: 2025-05-21 22:22:14
Score: 0.5

The main helper for solving this is the following article:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/security_hardening/assembly_blocking-and-allowing-applications-using-fapolicyd_security-hardening#ref_troubleshooting-problems-related-to-fapolicyd_assembly_blocking-and-allowing-applications-using-fapolicyd

By following the instructions there, I was able to identify an example failure. The rule which I added and which solved it in the end was the following:

    # At the top of "/etc/fapolicyd/rules.d/30-patterns.rules"
    allow perm=open exe=/runc : ftype=application/x-sharedlib trust=1

Followed by running:

    systemctl start fapolicyd
    fapolicyd-cli --reload # this reload may be extraneous really

There are a handful of articles out there which ask this same question but none which answer it, so hopefully this helps.
* https://forums.docker.com/t/using-docker-ce-with-fapolicyd/147313
* https://forums.docker.com/t/disa-stig-and-docker-ce/134196
* https://www.reddit.com/r/redhat/comments/xvigky/fapolicy_troubleshooting/

Reasons:
  • Probably link only (1):
  • Long answer (-0.5):
  • Has code block (-0.5):
  • Self-answer (0.5):
Posted by: pooley1994
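
An added example, not part of the original answer or the linked Red Hat article: a small awk summary of the deny lines that `fapolicyd --debug-deny` writes to stderr, grouped by rule, permission, executable, file type and trust, which are the fields a rule like the one in the answer is built from. The sample log lines are constructed and the function names `sample_log` and `summarize_denials` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: summarize deny decisions captured with
#   fapolicyd --debug-deny 2> fapolicy.output

# Constructed sample lines in fapolicyd's debug format (not taken from the post).
sample_log() {
  cat <<'EOF'
rule=13 dec=deny_audit perm=open auid=-1 pid=4021 exe=/runc : path=/usr/lib64/libc.so.6 ftype=application/x-sharedlib trust=1
rule=13 dec=deny_audit perm=open auid=-1 pid=4021 exe=/runc : path=/usr/lib64/libseccomp.so.2.5.2 ftype=application/x-sharedlib trust=1
rule=2 dec=allow perm=open auid=1000 pid=3999 exe=/usr/bin/bash : path=/usr/lib64/libc.so.6 ftype=application/x-sharedlib trust=1
rule=13 dec=deny_audit perm=execute auid=1000 pid=4100 exe=/usr/bin/bash : path=/tmp/ls ftype=application/x-executable trust=0
EOF
}

# Reads debug lines from the named files (or stdin) and prints one line per
# distinct denial as "<count> rule=... perm=... exe=... ftype=... trust=...",
# most frequent first. Paths containing spaces are not handled.
summarize_denials() {
  awk '
    {
      split("", f)                      # portable way to clear the array
      for (i = 1; i <= NF; i++) {
        eq = index($i, "=")
        if (eq > 0) f[substr($i, 1, eq - 1)] = substr($i, eq + 1)
      }
      if (f["dec"] !~ /^deny/) next     # skip allow decisions (plain --debug output)
      key = "rule=" f["rule"] " perm=" f["perm"] " exe=" f["exe"] \
            " ftype=" f["ftype"] " trust=" f["trust"]
      count[key]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }
  ' "$@" | sort -k1,1nr -k2
}

# With file arguments, summarize a real capture; otherwise use the sample.
if [ "$#" -gt 0 ]; then
  summarize_denials "$@"
else
  sample_log | summarize_denials
fi
```

Each output line names the subject (`exe=`) and object attributes (`ftype=`, `trust=`) that were denied, so a candidate rule can be reviewed against exactly what was blocked before it is placed ahead of the matching deny rule.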