by foresto
265 days ago
I run rootless containers on a low-power system. With Docker, I found rootless setup to be a PITA, despite having experience with unprivileged LXC containers. The manager daemon constantly consumed system resources even when no containers were running. Docker upgrades sometimes refused to run my containers until I chased down whatever storage driver problem they introduced in the latest version. When the most recent upgrade broke my containers yet again, I decided to give Podman a try. Setup was a breeze. There is no management daemon wasting resources. My containers just worked. Even the little cron script I wrote to query Docker for pending image updates just worked with Podman tools. I think Podman also makes it easy to map host uids to non-root container uids, which ought to help me reduce attack surface. (I haven't actually tried this feature yet.) Last time I checked, Docker did not. So far, I couldn't be happier.
Podman comes with an auto-update flag you can set for containers that uses systemd to do this for you. Takes a bit of reading to get it right, but it's smooth sailing mostly.
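The two things the comments above touch on, the systemd-driven auto-update and mapping the container user to a non-root host uid, both live in one Quadlet unit file. The script below is an added example, not code from either commenter or from the Podman project: it writes a rootless Quadlet `.container` unit (Podman 4.4+), and, only when invoked with `install`, loads it and enables the `podman-auto-update.timer`. The unit name `myapp`, the image `registry.example.com/myapp:stable`, the port, and the `UNIT_DIR` default are assumptions; `UserNS=keep-id` and `AutoUpdate=registry` are real Quadlet keys, and `podman auto-update --dry-run` is a real command.

```shell
#!/bin/sh
# Added example (not foresto's, the reply author's, or Podman's own code).
# Writes a rootless Quadlet unit that opts into podman-auto-update and runs
# the container process as the host user's uid rather than namespace root.

UNIT_DIR="${UNIT_DIR:-$HOME/.config/containers/systemd}"   # rootless Quadlet search path
UNIT_NAME="${UNIT_NAME:-myapp}"                            # hypothetical service name
IMAGE="${IMAGE:-registry.example.com/myapp:stable}"        # hypothetical image; AutoUpdate=registry needs a fully qualified tag

# Write $UNIT_NAME.container into $1 (default: $UNIT_DIR) and print its path.
write_quadlet() {
    dir="${1:-$UNIT_DIR}"
    mkdir -p "$dir"
    unit="$dir/$UNIT_NAME.container"
    cat > "$unit" <<EOF
[Unit]
Description=$UNIT_NAME (rootless, auto-updated)

[Container]
Image=$IMAGE
# Re-pull whenever the tag's digest changes on the registry and restart
# this unit. "local" would instead only react to a newer image in the
# local store (e.g. one you built yourself).
AutoUpdate=registry
# Rootless Podman already confines the container to an unprivileged host
# user; keep-id additionally runs the container process as that same uid
# instead of the user namespace's root, so "root inside" buys nothing.
UserNS=keep-id
# Host port 8080 -> container port 8080 (assumed app port; >1024 so the
# non-root in-container user can bind it without extra capabilities).
PublishPort=8080:8080
# Hardening that survives image updates because it lives in the unit.
NoNewPrivileges=true
DropCapability=all

[Service]
Restart=on-failure

[Install]
WantedBy=default.target
EOF
    printf '%s\n' "$unit"
}

# Quadlet derives the systemd unit name from the file name: foo.container -> foo.service.
quadlet_service_name() {
    base=$(basename "$1")
    printf '%s\n' "${base%.container}.service"
}

# Load the unit, start it, and turn on the daily auto-update timer.
# Guarded so the script still runs (e.g. for write_quadlet alone) without podman.
install_quadlet() {
    command -v podman >/dev/null 2>&1 || { echo "podman not installed" >&2; return 1; }
    unit=$(write_quadlet)
    svc=$(quadlet_service_name "$unit")
    # Without linger, user services (and the timer) stop when you log out.
    loginctl enable-linger "$(id -un)"
    systemctl --user daemon-reload            # Quadlet generates $svc from the .container file
    systemctl --user start "$svc"
    systemctl --user enable --now podman-auto-update.timer
    # Show what an update run would do right now, without changing anything.
    podman auto-update --dry-run
}

if [ "${1:-}" = "install" ]; then
    install_quadlet
fi
```

After `install`, `systemctl --user list-timers` should show `podman-auto-update.timer`, and `podman auto-update --dry-run` lists each unit with an `io.containers.autoupdate` label (Quadlet sets that label from `AutoUpdate=`) and whether a newer digest is pending. Note that `AutoUpdate=registry` trusts whatever the registry serves for that tag; if you pin by digest instead, nothing will ever update, so tag plus a registry you trust is the usual compromise.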