Enterprise Podman Security: Rootless Containers, SELinux, Backups & Docker Comparison
blog.nviso.eu
Reduce attack surface using Podman's rootless daemonless model, SELinux integration & Docker comparison
  • lambalicious@lemmy.sdf.orgEnglish
    6·
    11 hours ago

    It’s pretty great, and I like that the workflow for creating containers is sliiiightly easier than on Docker. I switched from Docker to Podman for most stuff about a year ago and so far there are only two hiccups that I lament:

    • the higher disk consumption due to not being able to share image storage. (I’ve tried with additionalstorages but that seems to only be respected for podman run; podman build and podman compose seem to ignore it and always pull images from the registries)

    • Some annoying isses with fule permissions due to rootless design - running rootless containers will create files under your user storage that you as a user have no permission to transfer or remove for cleanup or security, and severely breaks the output of tools like du or find due to error spammage.

    • Jayjader@jlai.luEnglish
      2·
      2 hours ago

      In case you omitted the following out of ignorance and not by deliberate choice:

      podman unshare can be used to (mostly) painlessly access the files created by rootless podman.