by JohnMakin 723 days ago
Sorry, but what you said makes absolutely no sense. The security implication I am talking about is that in a typical container the application cannot escalate privilege out of the container and touch the host, with the exception of obvious things like shared file systems, etc. This is a known benefit of containerization and not at all controversial.
2 comments

The thing about your comment is that it seems that you believe containers are something you use for added security, and that is very much not the case.

But I don't disagree about rootless containers being more secure than rooted ones, just as much as any process not running as root has fewer privileges than one running as root.

Bold of you to assume that most devs are running containers with a non-root user.
Devs maybe, but the author is talking about production environments which are definitely moving to rootless.
'Production' is an interesting appeal to authority, if I may risk using terms improperly.

My 'toy' controller/replica are production but due to planning - have no weight. Two people care in the 'oh that's mildly inconvenient' sense when they break. Everything moves on.

To lean into hyperbole a bit: for every shop that's rootless, there are nine that are rootful.

I don't say any of this to be defeatist, more... realistic. There's:

    1) what people say they do
    2) what people actually do

These can be, but don't have to be, the same.

It's surely trending positively, but I'm also not interested in arguing about window dressing while the house is on fire.

What does SELinux or AppArmor look like in this hypothetical, disabled per usual? Plenty of work to do. No pats on the back yet.

I say all of this a bit heavily - not OP. Closely related to some heated talks I've had this week. It's easy to bike-shed endlessly.

Rootless has been the standard convention for a long time. If you're in any industry that gets regularly audited, this is one of the first things they look for.
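The audit check the thread keeps coming back to (is the container actually running as a non-root user, and are the host-side profiles like AppArmor/SELinux left in place?) can be scripted against `docker inspect` output. This is an added example, not code from any commenter: it parses a constructed, abbreviated sample in the shape `docker inspect` emits and flags rootful or unconfined containers. It inspects the in-container user and host hardening only; whether the daemon itself runs in rootless (user-namespace) mode is a separate property not visible in these fields.

```python
import json

# Constructed sample shaped like `docker inspect <id...>` (subset of fields); not real output.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web", "Config": {"User": "1000:1000"},
     "HostConfig": {"Privileged": False, "SecurityOpt": None}},
    {"Name": "/legacy-batch", "Config": {"User": ""},
     "HostConfig": {"Privileged": False, "SecurityOpt": None}},
    {"Name": "/agent", "Config": {"User": "root"},
     "HostConfig": {"Privileged": True, "SecurityOpt": ["apparmor=unconfined"]}},
])

# SecurityOpt values that switch off the kernel-side confinement the thread mentions.
UNCONFINED_OPTS = {"apparmor=unconfined", "seccomp=unconfined", "label=disable"}


def is_rootful(user: str) -> bool:
    """True if the container process runs as uid 0.

    Config.User is empty when neither `docker run --user` nor the image's USER
    directive set one, which means the default: root.
    """
    name = user.split(":")[0].strip()
    return name in ("", "0", "root")


def audit(inspect_json: str) -> dict[str, list[str]]:
    """Return {container name: [findings]} for containers that fail the checks."""
    findings: dict[str, list[str]] = {}
    for container in json.loads(inspect_json):
        issues = []
        if is_rootful(container.get("Config", {}).get("User", "")):
            issues.append("runs as root inside the container")
        host_cfg = container.get("HostConfig", {})
        if host_cfg.get("Privileged"):
            issues.append("--privileged: host-level capabilities and devices")
        for opt in host_cfg.get("SecurityOpt") or []:
            if opt in UNCONFINED_OPTS:
                issues.append(f"confinement disabled ({opt})")
        if issues:
            findings[container["Name"].lstrip("/")] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {'; '.join(issues)}")
```

Pipe real output in with `docker inspect $(docker ps -q)` and pass the resulting JSON string to `audit`.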