I’ve read that standard containers are optimized for developer productivity and not security, which makes sense.

But then what would be ideal to use for security? Suppose I want to isolate environments from each other for security purposes, to run questionable programs or reduce attack surface. What are some secure solutions?

Something without the performance hit of VMs

  • piezoelectron
    link
    fedilink
    arrow-up
    4
    ·
    2 years ago

    Great. I don’t know enough to use either but I think I’m going to try lean on podman from the get go. In any case, I know that all podman commands are exactly identical to Docker, such that you can replace, say, docker compose with podman compose and move on with ease.

    • Guilvareux@feddit.uk
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      With the specific exception of podman compose I completely agree. I haven’t tested it for a while but podman compose has had issues with compose file syntax in my experience. Especially with network configs.

      However, I have been using “docker-compose” with podman’s docker compatible socket implementation when necessary, with great success