I’ve read that standard containers are optimized for developer productivity and not security, which makes sense.

But then what would be ideal to use for security? Suppose I want to isolate environments from each other for security purposes, to run questionable programs or reduce attack surface. What are some secure solutions?

Something without the performance hit of VMs

  • piezoelectron@sopuli.xyz
    1·
    1 year ago

    Do you think Podman is ready to take over Docker? My understanding is that Podman is Docker without the root requirement.

    • dragnucs@lemmy.ml
      2·
      1 year ago

      Yes it is. I’ve been using it for more than a year now. Works reliably. Has pod support aswel.

      • piezoelectron@sopuli.xyz
        0·
        1 year ago

        Great. I don’t know enough to use either but I think I’m going to try lean on podman from the get go. In any case, I know that all podman commands are exactly identical to Docker, such that you can replace, say, docker compose with podman compose and move on with ease.

        • Guilvareux@feddit.uk
          2·
          1 year ago

          With the specific exception of podman compose I completely agree. I haven’t tested it for a while but podman compose has had issues with compose file syntax in my experience. Especially with network configs.

          However, I have been using “docker-compose” with podman’s docker compatible socket implementation when necessary, with great success