[dada216]

wait till you learn what the docker socket and the API can do and how container can get access to it. docker made bad design choices from the very beginning, mainly the API was designed coarse grained and they use a socket to do things, which is also easily exposed through the network you should not run docker on servers but rather use a better designed container runtime, docker rootless is a thing but it's been bolted on the bad design choice. podman, cri-o, containerd are all better options for servers hosting prod containers. it's kinda fine when you are using it on your dev machine, but I still rather take podman because I find it cleaner, buildah and skopeo are pretty useful as well.