I use nftables to set my firewall rules. I typically manually configure the rules myself. Recently, I just happened to dump the ruleset, and, much to my surprise, my config was gone, and it was replaced with an enourmous amount of extremely cryptic firewall rules. After a quick examination of the rules, I found that it was Docker that had modified them. And after some brief research, I found a number of open issues, just like this one, of people complaining about this behaviour. I think it’s an enourmous security risk to have Docker silently do this by default.
I have heard that Podman doesn’t suffer from this issue, as it is daemonless. If that is true, I will certainly be switching from Docker to Podman.
Is it? Last time I tried none of my docker compose files would start correctly in podman compose.
podman-compose is different from docker-compose. It runs your containers in rootless mode. This may break certain containers if configured incorrectly. This is why I suggested podman-docker, which allows podman to emulate docker, and the native docker-compose tool. Then you use
sudo docker-compose
to run your compose files in rootful mode.How is Podman rootful better than Docker? I was mostly attracted by the rootless path, but the breakage deterred me. Would you be so kind to tell me ?
It isn’t that much better. I use it as drop-in docker replacement. It’s better integrated with things like cockpit though and the idea is that it’s easier to eventually migrate to rootless if you’re already in the podman ecosystem.
Ok that sounds intetesting, I’ve found Cockpit easier to use than Proxmox, I’m new to virtualization and I don’t want do nesting… I fear it will complicate things when I’ll need to do GPU passthrough.
How is Podman integrated into Cockpit?
Also, I had so much trouble trying to bridge my Home Assistant VM to my LAN. Are there any tutorials on how to do this from Cockpit?
deleted by creator