When you use a system-level daemon[0], the daemon has to have privileges to star... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mbreese on Feb 11, 2021 \| parent \| context \| favorite \| on: Podman: A Daemonless Container Engine When you use a system-level daemon[0], the daemon has to have privileges to start a container as anyone (that is... root). In a daemon-less environment, you only need the privileges of the user who is starting the container. [0] I suppose you could have a user-level daemon that runs for each user that needs to run containers, but that's even more overhead.

raesene9 on Feb 11, 2021 [–]

Docker does allow for daemonless execution, but as you say one daemon per user will add a bit of overhead.

There's some tradeoff I guess though, between rootful setup and per user, as images duplication per user could add up.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact