[rhatdan]

Sure, and bottom line the OS/Kernel prevent you from doing some things in rootless mode, although we are always attempting to push the boundaries on what is allowed, in a secure way.

Rootless mode works for the great majority of containers, and in most cases users have work arounds for containers that do not work, like binding to ports < 1024. But I agree that understanding these limitations, sometimes requires users to learn new things.

But Security often requires compromise, we don't run all processes as root for a reason in Linux.Running processes with privilege mode by default is way more secure.

[Operative0198]

I don't disagree with what you say. Generally if you pick security over the conventional you are bound to face limitations for the sake of security. But podman as a product compared to docker to me looks very less mature (things like podman-compose should be included in the box 4 years on). I also get the feeling people who compare podman to docker only run wordpress as a test then call it a success without getting deep into what problems both podman and docker solve.