
Comment by bmitch3020

8 hours ago

> What I hate about docker and other such solutions is that I cannot install it as nonroot user

There's a rootless [0] option, but that does require some sysadmin setup on the host to make it possible. That's a Linux kernel limitation on all container tooling, not a limitation of Docker.

> and that it keeps images between users in a database.

Not a traditional database, but content-addressable filesystem layers, commonly mounted as an overlay filesystem. Each of those layers is read-only and reusable between multiple images, allowing faster updates (when only a few layers change), and conserving disk space (when multiple images share a common base image).

> I want to move things around using mv and cp, and not have another management layer that I need to be aware of and that can end up in an inconsistent state.

You can mount volumes from the host into a container, though this is often an anti-pattern. What you don't want to do is modify the image layers directly, since they are shared between images. That introduces a lot of security issues.

[0]: https://docs.docker.com/engine/security/rootless/
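A toy model of the content-addressable layer store described in the comment above, added here as an example; it is not part of the original comment and not Docker's code. The `LayerStore` class, image names and layer contents are constructed for illustration. It shows identical layers being stored once, and how an in-place edit of a shared layer breaks its digest for every image that references it.

```python
import hashlib


def digest_of(data: bytes) -> str:
    # Same "algorithm:hex" form that image layer digests use.
    return "sha256:" + hashlib.sha256(data).hexdigest()


class LayerStore:
    """Hypothetical in-memory store: blobs are keyed by the hash of their content."""

    def __init__(self):
        self.blobs = {}   # digest -> layer bytes
        self.images = {}  # image name -> ordered list of layer digests

    def add_image(self, name, layers):
        digests = []
        for data in layers:
            d = digest_of(data)
            self.blobs.setdefault(d, data)  # an identical layer is stored only once
            digests.append(d)
        self.images[name] = digests

    def stored_bytes(self):
        return sum(len(b) for b in self.blobs.values())

    def referenced_bytes(self):
        return sum(len(self.blobs[d]) for ds in self.images.values() for d in ds)

    def verify(self):
        """Map each blob whose content no longer matches its key to the images using it."""
        return {
            d: sorted(n for n, ds in self.images.items() if d in ds)
            for d, data in self.blobs.items()
            if digest_of(data) != d
        }


def demo():
    base = b"base-os-files" * 100      # constructed sample layer contents
    runtime = b"python-runtime" * 50
    store = LayerStore()
    store.add_image("app-a", [base, runtime, b"app-a code"])
    store.add_image("app-b", [base, runtime, b"app-b code"])
    store.add_image("tool", [base, b"tool binary"])
    saved = store.referenced_bytes() - store.stored_bytes()
    clean = store.verify()
    # Simulate editing a shared layer in place instead of building a new layer.
    base_digest = store.images["app-a"][0]
    store.blobs[base_digest] += b"edited in place"
    return saved, clean, store.verify(), base_digest
```
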

If I install podman on my Linux machine, it's rootless by default. No fiddling required of me.

Docker could do a lot better job in the packaging of their software. Even major updates require manual uninstalling and reinstalling it... Podman just works.

  • I packaged docker-rootless for Arch (AUR) and Alpine (community) downstream long ago. I'm sure it's available for other distros too nowadays, although it wasn't at the time.

    Docker could definitely do a much better job of making packaging easier. The docker-rootless just includes an sh script which has several of the files inline and writes them to the target location… assuming you're making a user-only installation (even though other portions of the setup require root intervention).

    So packaging this requires reverse engineering how the installation process works, and extracting some of those inline files from the sh script, and figuring out where they'd be installed for a system-wide location.

  • While true, what the grandparent comment mentions still applies to podman:

    > I cannot install it as nonroot user

    You still need root privileges to install podman initially.