by bgorman 2220 days ago
"Docker" is just the userspace component of a Linux kernel feature. "Docker" doesn't run anything, the kernel does.

Podman has three main advantages over docker: Not needing to run as root, not requiring a daemon in the background and being packaged directly by linux distros.


Not so much the distros part; it's not in the latest Ubuntu 20.04 LTS, unlike Docker. It's landed in the development branch of Debian though, so maybe someday.

(Granted, Docker is only in Ubuntu's "universe" section and not a supported package that would receive security patches etc.)

It is in Fedora and Arch. Ubuntu generally doesn't really follow any technologies anyone other than Canonical pushes out.
1. systemd runs as root, doesn't bother me that docker daemon does as well, since they do similar things (for me). Only users with access to the socket file have access.

2. I like the idea of not having a daemon but never actually had a problem with this in practice. The daemon has never crashed on me. systemd also has daemons that have also never crashed on me.

3. It's like 3 lines to install the official docker package. This is a non-issue for me.

Those do not sound like very meaningful advantages. Certainly not significant enough for me to want to switch from something that Just Works.

Thanks for the reply though. I'll be sticking with Docker.

The actual advantage of Podman and Buildah is that it is not Docker. Because of the tribal nature of tech communities, that is a desirable property for members of the "anti-Docker" tribe. Everything else is an exercise in retroactively justifying a subjective decision with seemingly objective criteria.

If you don't understand why others are so excited about those tools, it simply means that you're not part of their tribe.

Podman when not run as root has some significant drawbacks (e.g. containers can't communicate with each other). That's not specific to podman; it's just hard to do without root.

Podman has long running processes as well: there's a podman process that'll run once you've launched at least one container, and a conmon for each container (equivalent to containerd-shim).

Packaged directly... it is by RH and SUSE, don't think by debian/ubuntu. At least for ubuntu, 20.04 packages Docker 19.03 just fine.

Containers within the same pod can certainly communicate with each other without root? I'm running that setup right now for my graylog container and its mongo and elastic search dependencies.
Within the same pod sure, they share the same netns. I was talking about individual container comms.

With rootless podman they use slirp4netns and all get the same IP, with rootful podman or Docker a bridge network is established so that containers that aren't in the same pod can communicate with each other.
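As an added example (not code from anyone in the thread), here is a rootless setup of the kind described above: a Graylog pod holding its MongoDB and Elasticsearch dependencies, plus a check that two pod members really share one network namespace. It assumes rootless podman is installed and that the image tags are placeholders for whatever versions you actually run.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes rootless podman is installed.
# Image tags are placeholders; pick the versions you actually run.
set -eu

POD=graylog
MONGO_IMAGE="${MONGO_IMAGE:-docker.io/library/mongo:4.2}"
ES_IMAGE="${ES_IMAGE:-docker.elastic.co/elasticsearch/elasticsearch:7.10.2}"
GRAYLOG_IMAGE="${GRAYLOG_IMAGE:-docker.io/graylog/graylog:4.0}"

# Containers in one pod share a network namespace, so Graylog reaches
# MongoDB and Elasticsearch on localhost. Only the pod publishes ports,
# and here only the web UI is published, bound to the loopback address.
pod_up() {
    podman pod create --name "$POD" -p 127.0.0.1:9000:9000 >/dev/null
    podman run -d --pod "$POD" --name "$POD-mongo" "$MONGO_IMAGE" >/dev/null
    podman run -d --pod "$POD" --name "$POD-es" \
        -e discovery.type=single-node "$ES_IMAGE" >/dev/null
    podman run -d --pod "$POD" --name "$POD-app" \
        -e GRAYLOG_MONGODB_URI=mongodb://localhost:27017/graylog \
        -e GRAYLOG_ELASTICSEARCH_HOSTS=http://localhost:9200 \
        "$GRAYLOG_IMAGE" >/dev/null
}

# Return 0 if two host PIDs are in the same network namespace, by comparing
# the namespace inode that /proc/PID/ns/net points at; nonzero otherwise.
same_netns() {
    a=$(readlink "/proc/$1/ns/net" 2>/dev/null) || return 1
    b=$(readlink "/proc/$2/ns/net" 2>/dev/null) || return 1
    [ "$a" = "$b" ]
}

# Host-side PID of a container's init process.
container_pid() {
    podman inspect --format '{{.State.Pid}}' "$1"
}

if command -v podman >/dev/null 2>&1; then
    pod_up
    if same_netns "$(container_pid "$POD-mongo")" "$(container_pid "$POD-es")"; then
        echo "mongo and elasticsearch share one netns (pod $POD)"
    else
        echo "unexpected: pod members are in different netns" >&2
        exit 1
    fi
fi
```

Containers launched outside the pod (plain `podman run` under rootless slirp4netns) will fail this check against the pod members, which is the individual-container case the comment above describes.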

Interesting! I now refuse to allow the docker daemon anywhere except a VM on my machine as it does some really stupid things, runs as root etc.

Are there any downsides to podman that you know about?