by heywoodlh
1044 days ago
Ah, I see. So not really container runtime security, more operational/principle of least privilege. Had not accounted for that, I can definitely see how that would be useful. Although, I would say we have definitely strayed far away from the typical definition/security benefits of "rootless" container runtimes. Usually the rootless container threat model accounts for containers or access to the runtime being weaponized -- it's not usually IT preventing you from installing apps. :) Still, thanks for indulging this conversation. (Also, I thought the only way to run Podman containers locally on macOS was Podman Desktop -- has that changed recently?)