From what I have seen, rootless podman seems to take more effort (even if marginal) than rootful one. I want to make a more informed decision for the containers, so I would like to ask.

  1. What is a rootless podman good for? How much does it help in terms of security, and does it have other benefits?
  2. One of the benefits commonly mentioned is for when container is breached. Then, running container on sudo-capable user would give no security benefits. Does it mean I should run podman services on a non-privileged user?

Thank you!

  • sugar_in_your_tea@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    10 hours ago

    this post of mine

    You have a typo in the title for the section about backups.

    In that post you use the compose format. Have you used quadlet? My understanding is that’s the “preferred” way to do things, I’ve also had some issues and am trying to decide if it’s worth it. Any thoughts?

    • asap@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      10 hours ago

      I run 50+ containers with rootless Podman compose (on CoreOS) and haven’t encountered any unsolvable issues so far.

      I’ve never tried quadlets but haven’t found a need or any driving reason to do so.