Sure, and bottom line the OS/Kernel prevents you from doing some things in rootless mode, although we are always attempting to push the boundaries on what is allowed, in a secure way.
Rootless mode works for the great majority of containers, and in most cases users have workarounds for containers that do not work, like binding to ports < 1024. But I agree that understanding these limitations sometimes requires users to learn new things.
But security often requires compromise; we don't run all processes as root for a reason in Linux. Running processes with privilege mode by default is way more secure.
I don't disagree with what you say. Generally, if you pick security over the conventional, you are bound to face limitations for the sake of security. But podman as a product, compared to docker, looks much less mature to me (things like podman-compose should be included in the box 4 years on). I also get the feeling that people who compare podman to docker only run wordpress as a test and then call it a success, without getting deep into what problems both podman and docker solve.