by pepemon 2310 days ago
Well, if you're uncomfortable with its privileged daemon, you can always switch to CRI-O with Red Hat tooling for it. But for all my years with Docker as the container runtime, all security-related problems have occurred within the backend code, not Docker, not Linux cgroups, not Linux itself.

I've worked with some big customers in the financial industry, and this is exactly what we do. Podman implements the same CLI as docker, so you can basically just `s/docker/podman/g` (as long as you don't use docker-compose).

It's also a lot easier to debug and see what's happening without that daemon sitting in the middle of all the traditional Linux tools.