From what I have seen, rootless Podman seems to take more effort (even if marginal) than a rootful one. I want to make a more informed decision for the containers, so I would like to ask:
- What is rootless Podman good for? How much does it help in terms of security, and does it have other benefits?
- One of the benefits commonly mentioned is for when a container is breached. Then, running a container as a sudo-capable user would give no security benefits. Does it mean I should run Podman services on a non-privileged user?
Thank you!
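The security argument for rootless Podman comes down to the user namespace: inside the container, UID 0 is really the host UID of the user who started Podman, and every other container UID is taken from that user's /etc/subuid range, which owns nothing else on the host. The script below is an added example, not code from the original thread; it translates a container UID into the host UID it actually runs as, using the same `inside outside count` format the kernel exposes in /proc/self/uid_map. The mapping table is constructed (a user with host UID 1000 and a subuid range starting at 100000); on a real rootless host you would feed it the output of `podman unshare cat /proc/self/uid_map` instead.

```shell
#!/bin/sh
# Added example (not from the original post): resolve container UIDs to host UIDs
# under a rootless Podman user namespace.
#
# Each line of a uid_map reads: <first uid inside> <first uid outside> <count>.
# On a real host obtain it with:  podman unshare cat /proc/self/uid_map
#
# Constructed sample: user with host UID 1000, /etc/subuid entry "user:100000:65536".
# Container root (0) becomes the user itself; container UIDs 1..65536 become the
# subuid range 100000..165535, which no other host file or process uses.
SAMPLE_UID_MAP='         0       1000          1
         1     100000      65536'

# host_uid <container_uid> [uid_map]
# Prints the host UID the container UID maps to; returns 1 if it is unmapped
# (an unmapped UID shows up inside the container as the overflow UID, nobody).
host_uid() {
    cuid=$1
    map=${2:-$SAMPLE_UID_MAP}
    printf '%s\n' "$map" | awk -v cuid="$cuid" '
        NF == 3 && cuid >= $1 && cuid < $1 + $3 {
            print cuid - $1 + $2
            found = 1
            exit
        }
        END { if (!found) exit 1 }'
}

# Example calls:
#   host_uid 0      -> 1000    (container root is the unprivileged host user)
#   host_uid 1      -> 100000  (first subuid)
#   host_uid 65536  -> 165535  (last subuid)
#   host_uid 65537  -> no output, exit status 1 (unmapped)
```

The practical consequence: a process that breaks out of a rootless container as "root" holds exactly the privileges of the host user in the first line of that map. Whatever that user can reach (its home directory, SSH keys, and a password-less sudo rule if one exists) defines the blast radius, which is why a dedicated, non-privileged service account for the containers keeps the benefit of rootless mode.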
Here’s my Navidrome config. This is running on uCore version of CoreOS, with rootless Podman. I made no configuration changes to Podman out-of-the-box, and this is the full compose file.
What are you running Podman on? Perhaps there is some config issue with the host, since you’re having issues with many containers?
```yaml
services:
  navidrome:
    image: deluan/navidrome:latest
    container_name: navidrome
    ports:
      - "3015:4533"
    restart: unless-stopped
    environment:
      # Optional: put your config options customization here. Examples:
    volumes:
      - ./data:/data:Z
      - ./config.toml:/navidrome.toml:Z
```