afaik it’s still using a daemon, compared to Podman being daemonless? ofc it’s better to run it in userspace, tho I can’t recall if it limited some of the features or not and whether it was easy to set up
Not only that but containers in general run on the host system’s kernel, the actual isolation of the containers is pretty minimal compared to virtual machines for example.
It amused me that the votes on your comment (a simple factual statement) reflect how many people here vote without knowing what the fuck they’re talking about.
I don’t have in-depth knowledge of the differences and how big that is. So take the following with a grain of salt.
My main point is that using containerization is a huge security improvement. Podman seems to be even more secure. Calling Docker massively insecure makes it seem like something we should avoid, which takes focus away from the enormous security benefit containerization gives. I believe Docker is fine, but I do use Podman myself, but that is only because Podman desktop is free, and Docker files seem to run fine with Podman.
Edit: After reading a bit I am more convinced that the Podman way of handling it is superior, and that the improvement is big enough to recommend it over Docker in most cases.
ofc containerisation is still better than running it natively in terms of security (which is why I said “compared to Podman”), but that kind of mostly a side effect of it’s main thing: reproducible runtime environments.
It’s not rly good security tho afaikb and shouldn’t be relied on, but I don’t know too much about it
Isn’t Docker massively insecure when compared to the likes of Podman, since Docker has to run as a root daemon?
I prefer Podman. But Docker can run rootless. It does run under root by default, though.
afaik it’s still using a daemon, compared to Podman being daemonless? ofc it’s better to run it in userspace, tho I can’t recall if it limited some of the features or not and whether it was easy to set up
Not only that but containers in general run on the host system’s kernel, the actual isolation of the containers is pretty minimal compared to virtual machines for example.
It amused me that the votes on your comment (a simple factual statement) reflect how many people here vote without knowing what the fuck they’re talking about.
I think many of the people don’t understand the difference between containers vs VMs
… With the tradeoff being containers much more lightweight and having much less overhead than VMs…
What exactly do you think the vm is running on if not the system kernel with potentially more layers.
Virtual machines do not use host kernel, they run full OS with kernel, cock and balls on virtualized hardware on top of the host OS.
Containers are using the host kernel and hardware without any layer of virtualization
I don’t have in-depth knowledge of the differences and how big that is. So take the following with a grain of salt.
My main point is that using containerization is a huge security improvement. Podman seems to be even more secure. Calling Docker massively insecure makes it seem like something we should avoid, which takes focus away from the enormous security benefit containerization gives. I believe Docker is fine, but I do use Podman myself, but that is only because Podman desktop is free, and Docker files seem to run fine with Podman.
Edit: After reading a bit I am more convinced that the Podman way of handling it is superior, and that the improvement is big enough to recommend it over Docker in most cases.
ofc containerisation is still better than running it natively in terms of security (which is why I said “compared to Podman”), but that kind of mostly a side effect of it’s main thing: reproducible runtime environments. It’s not rly good security tho afaikb and shouldn’t be relied on, but I don’t know too much about it