I’ve read that standard containers are optimized for developer productivity and not security, which makes sense.

But then what would be ideal to use for security? Suppose I want to isolate environments from each other for security purposes, to run questionable programs or reduce attack surface. What are some secure solutions?

Something without the performance hit of VMs

  • dragnucs@lemmy.ml
    link
    fedilink
    arrow-up
    7
    ·
    1 year ago

    Yes it is. I’ve been using it for more than a year now. Works reliably. Has pod support aswel.

    • piezoelectron
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      Great. I don’t know enough to use either but I think I’m going to try lean on podman from the get go. In any case, I know that all podman commands are exactly identical to Docker, such that you can replace, say, docker compose with podman compose and move on with ease.

      • Guilvareux@feddit.uk
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        With the specific exception of podman compose I completely agree. I haven’t tested it for a while but podman compose has had issues with compose file syntax in my experience. Especially with network configs.

        However, I have been using “docker-compose” with podman’s docker compatible socket implementation when necessary, with great success