by willglynn 2221 days ago
`docker` implies access to the Docker daemon, which is not an improvement over the setuid binaries anderspitman found distasteful.

https://docs.docker.com/engine/security/security/#docker-dae...

2 comments

Genuine question, would LXD be any better? I'm not an expert in containerization but I find it really interesting.

There are some blogs that talk about how to do this: https://blog.simos.info/how-to-easily-run-graphics-accelerat...

If it runs in the same Xwindows session, no.
If your docker is in fact podman, your rootless might be attainable.