by curt15 1125 days ago
>LXD is also unprivileged by default

The last time I tried it (a few years ago) you needed to either run `lxc` as root or be a member of the `lxd` group which is equivalent to having root privileges. At that time the ability to launch and enter container instances as an unprivileged user (without a root backdoor like the docker or lxd group) was one of Podman's advantages. Have things changed since then?

1 comment

LXD uses unprivileged containers (user namespace) with the setup done by the root user. All containers run in unprivileged mode by default. However, specific configuration that only a privileged user can do (mount disks/partitions, set up network devices, allocate more complex mappings for the user namespace, etc.) is done on LXD using the root user or the LXD group. Even rootless Podman needs root access in many cases, for example to open a port < 1024 or to mount EFS/NFS inside; in other edge cases, you can't use rootless Podman at all. These are Linux kernel limitations, last I checked, and are sometimes caused by various distros applying other security patches to their kernels too.

LXD supports (all of these have pros and cons, and you must choose the type that solves your problem):

1. Privileged containers.

2. Unprivileged containers as an unprivileged user.

3. Unprivileged containers as root.

One frustrating issue is that many developers and IT professionals are reluctant to use Podman due to certain unique situations and edge cases. Docker is more commonly used and tested, making it the preferred option despite Podman's beneficial features.
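Added example, not from the thread or from either project: a POSIX shell audit helper for the two points raised above. `root_maps_to_host_root` reads a `uid_map` in the kernel's "inner outer count" format and reports whether uid 0 inside the namespace is host uid 0 (a privileged container or the initial namespace) or is shifted (an unprivileged user namespace, as with LXD's default or rootless Podman); `root_equivalent_memberships` reports which of the root-equivalent groups named in the thread (`docker`, `lxd`) a user belongs to. The sample `uid_map` values and `/etc/group` lines are constructed.

```shell
#!/bin/sh
# Audit helpers for user-namespace mappings and root-equivalent group
# membership. Only awk and printf are used, so this runs under plain sh.

# Usage: root_maps_to_host_root "<uid_map contents>"
# Prints "yes" if inner uid 0 maps to host uid 0, "no" if it is shifted to
# some other host uid, and "unmapped" if no range covers uid 0 at all.
root_maps_to_host_root() {
    printf '%s\n' "$1" | awk '
        # A range covers inner uid 0 only when its inner start is 0;
        # the host uid for inner 0 is then the outer start of that range.
        NF == 3 && $1 == 0 { found = 1; outer = $2 }
        END {
            if (!found)          print "unmapped"
            else if (outer == 0) print "yes"
            else                 print "no"
        }'
}

# Usage: root_equivalent_memberships "<contents of /etc/group>" <user>
# Prints one group name per line for each of docker/lxd that lists the user.
root_equivalent_memberships() {
    printf '%s\n' "$1" | awk -F: -v user="$2" '
        $1 == "docker" || $1 == "lxd" {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++) if (members[i] == user) print $1
        }'
}

# Report on the live host when invoked with --audit <user> (constructed
# CLI convention for this example; reads the real /proc and /etc files).
if [ "${1:-}" = "--audit" ] && [ -r /proc/self/uid_map ] && [ -r /etc/group ]; then
    echo "uid 0 here is host root: $(root_maps_to_host_root "$(cat /proc/self/uid_map)")"
    echo "root-equivalent groups for ${2:-$(id -un)}:"
    root_equivalent_memberships "$(cat /etc/group)" "${2:-$(id -un)}"
fi
```

A "yes" from inside a container means a container-root escape is a host-root escape; membership in either group means that account should be treated as an administrator in access reviews.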