1. 25
  1.  

  2. 5

    Podman v4.1 is also our first release to support Docker Compose v2.2.0 and up. Since our v3.0 release over a year ago, Podman has supported Compose v1

    Apparently I missed that Podman gained Docker Compose support. Last time I looked this wasn’t well supported and prevented me from switching to it completely. Might have to reinvestigate.

    1. 2

      I use Docker extensively as a research/data scientist in order to have portable development environments. I teach Data Science to graduate students and also require them to use Docker, despite the security concerns. Our usual model of usage has us setting up the development environment (typically RStudio) inside the container but mounting the project directory from the host inside using -v.

      I recently tried to get Podman to work for this workflow and had some major challenges with the permissions on the mounts. With much finagling with user IDs I could get it so that I could read/write the files from inside the container but not outside OR from outside but not inside. With Docker I can trivially read/write from both inside and outside.

      Podman’s ability to run rootless is very attractive to me, but I can’t resolve this issue. Anyone know how?

      1. 3

        Depends on what the permission issue is but probably first look at the z/Z volume options in the man page where it describes the --volume parameter.

        The same option is needed for Docker as well with SELinux enabled, so that may be the actual difference if you tried them on different distributions.

        1. 2

          What security concerns do you have with Docker?

          1. 8

            A user in the docker group can access the docker socket, meaning they can start privileged containers that run as full root without even running sudo first. It’s sudo NOPASSWD exposed over a UNIX socket for any process to exploit at their leisure.

            This is not automatically bad, I use passwordless sudo on machines on my local network. And cloud instances often give the default user passwordless sudo. But I doubt most people who use docker on their workstations know they have effectively enabled passwordless root.
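An audit for the exposure described in the comment above, as an added example that is not part of the original thread: it lists the non-root local accounts that have write access to the Docker socket and can therefore connect to it. The function name and the sample account data are constructed for illustration; the live check assumes the default socket path /var/run/docker.sock.

```python
import os
import stat

# Constructed sample input in /etc/group and /etc/passwd format.
SAMPLE_GROUP = "root:x:0:\nsudo:x:27:alice\ndocker:x:998:alice,bob\nstudents:x:1001:\n"
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000::/home/alice:/bin/bash\n"
    "bob:x:1001:1001::/home/bob:/bin/bash\n"
    "carol:x:1002:998::/home/carol:/bin/bash\n"   # docker is carol's primary group
    "dave:x:1003:1001::/home/dave:/bin/bash\n"
)

def socket_accessors(group_text, passwd_text, sock_uid, sock_gid, sock_mode):
    """Return sorted non-root account names with write access to the socket."""
    # Supplementary members of whichever group owns the socket.
    members = set()
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and fields[2] == str(sock_gid):
            members.update(m for m in fields[3].split(",") if m)
    found = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 4 or not (fields[2].isdigit() and fields[3].isdigit()):
            continue
        name, uid, gid = fields[0], int(fields[2]), int(fields[3])
        if uid == 0:
            continue  # already root, the socket adds nothing
        # Unix permission classes are checked in order: owner, group, other.
        if uid == sock_uid:
            bit = stat.S_IWUSR
        elif gid == sock_gid or name in members:
            bit = stat.S_IWGRP  # primary-group users are not listed in /etc/group
        else:
            bit = stat.S_IWOTH
        if sock_mode & bit:
            found.append(name)
    return sorted(found)

if __name__ == "__main__":
    print("sample:", socket_accessors(SAMPLE_GROUP, SAMPLE_PASSWD, 0, 998, 0o660))
    try:
        st = os.stat("/var/run/docker.sock")
        with open("/etc/group") as g, open("/etc/passwd") as p:
            print("this host:", socket_accessors(g.read(), p.read(),
                                                 st.st_uid, st.st_gid, st.st_mode))
    except OSError:
        print("no Docker socket at the default path")
```

The check reads only the local account files, so accounts from LDAP or SSSD and any POSIX ACLs on the socket are not covered.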

        2. 1

          podman machine is a very nice experience on Windows.

          1. 1

            Interesting that in the other post on the homepage, about Fedora 36, they say they ship with 4.0.

            1. 3

              The 4.1 release will most likely soon be an update in Fedora 36…

              https://koji.fedoraproject.org/koji/packageinfo?packageID=26289

              1. 2

                Distros need to cut things off sometimes. I’m sad that they discontinued their kubic apt repository after it landed in Ubuntu, because the version that landed there is 3.4.4. It looks like if I want newer on Ubuntu I’m back to building my own debs like I was before the kubic apt repository was a thing.