I’ve read that standard containers are optimized for developer productivity and not security, which makes sense.

But then what would be ideal to use for security? Suppose I want to isolate environments from each other for security purposes, to run questionable programs or reduce attack surface. What are some secure solutions?

Something without the performance hit of VMs

  • piezoelectron@sopuli.xyz
    link
    fedilink
    arrow-up
    2
    ·
    2 years ago

    Do you think Podman is ready to take over Docker? My understanding is that Podman is Docker without the root requirement.

    • dragnucs@lemmy.ml
      link
      fedilink
      arrow-up
      2
      ·
      2 years ago

      Yes it is. I’ve been using it for more than a year now. Works reliably. Has pod support aswel.

      • piezoelectron@sopuli.xyz
        link
        fedilink
        arrow-up
        0
        ·
        2 years ago

        Great. I don’t know enough to use either but I think I’m going to try lean on podman from the get go. In any case, I know that all podman commands are exactly identical to Docker, such that you can replace, say, docker compose with podman compose and move on with ease.

        • Guilvareux@feddit.uk
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          With the specific exception of podman compose I completely agree. I haven’t tested it for a while but podman compose has had issues with compose file syntax in my experience. Especially with network configs.

          However, I have been using “docker-compose” with podman’s docker compatible socket implementation when necessary, with great success