Hacker News

doodlesdev, last Wednesday at 11:46 PM (2 replies)

What's the difference between running Podman and running Docker in rootless mode? (Other than Docker messing with the firewall, which apparently OP doesn't know about… yet). I understand Podman doesn't require a daemon, but is that all there is to it, or is there something I'm missing?


Replies

exceptione, last Thursday at 12:03 AM

The runtime has been designed from the ground up to be run daemonless and rootless. They also have a K8s runtime that has an extremely small surface, just enough to be K8s compliant.

But podman also has great integration with systemd. With that you could use a socket-activated systemd unit and stick the socket inside the container, instead of giving the container any network at all. And even if you want networking in the container, the podman folks developed slirp4netns, which is user-space networking, and now something even better: passt/pasta.

crimsonnoodle58, last Thursday at 2:50 AM

Rootless docker is more compatible than podman, I found. I experienced crash dumps in, say, mssql with podman, but not with rootless docker.

Also rootless docker does not bypass ufw like rootful docker does.