From what I have seen, rootless podman seems to take more effort (even if marginal) than rootful one. I want to make a more informed decision for the containers, so I would like to ask.
- What is a rootless podman good for? How much does it help in terms of security, and does it have other benefits?
- One of the benefits commonly mentioned is for when container is breached. Then, running container on sudo-capable user would give no security benefits. Does it mean I should run podman services on a non-privileged user?
Thank you!
Needing to deal with the services for startup for every single compose stack seems like such a pain to me, that’s one of the big reasons I haven’t switched.
Nothing stops you to run them all from the same unprivileged user and start them all at once with a single command.
Set once and forget style.