From efdf4407abf4012e882a03e3d049014129a944d3 Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Wed, 8 Jun 2022 10:02:03 -0400 Subject: [PATCH] Create podman_vs_docker.md --- docker-and-k8s-security/podman_vs_docker.md | 25 +++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 docker-and-k8s-security/podman_vs_docker.md diff --git a/docker-and-k8s-security/podman_vs_docker.md b/docker-and-k8s-security/podman_vs_docker.md new file mode 100644 index 0000000..190ff5c --- /dev/null +++ b/docker-and-k8s-security/podman_vs_docker.md 
@@ -0,0 +1,25 @@ +# Podman vs Docker + +- Docker uses a daemon, an ongoing program running in the background, to create images and run containers. +- Podman has a daemon-less architecture which means it can run containers under the user starting the container. +- Docker has a client-server logic mediated by a daemon; Podman does not need the mediator. +- Podman allows for non-root privileges for containers. +- Rootless containers are considered safer than containers with root privileges + +## Podman Rootless? + +- Containers in Podman do not have root access by default, adding a natural barrier between root and rootless levels, improving security. +- Still, Podman can run both root and rootless containers. + +## What about Systemd? +- Without a daemon, Podman needs another tool to manage services and support running containers in the background. +- Systemd creates control units for existing containers or to generate new ones. +- Systemd can also be integrated with Podman allowing it to run containers with systemd enabled by default, without any modification. +- By using systemd, vendors can install, run, and manage their applications as containers since most are now exclusively packaged and delivered this way. + +## Building images +- As a self-sufficient tool, Docker can build container images on its own.  +- Podman requires the assistance of another tool called Buildah, which expresses its specialized nature: it is made for running but not building containers on its own.![image](https://user-images.githubusercontent.com/1690898/172636340-a0963aab-eb27-46d6-ab47-f00c0d9aa680.png) + + +
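Review bot: In the "Building images" section, the bullet saying Podman "requires the assistance of another tool called Buildah" and "is made for running but not building containers on its own" is misleading. `podman build` exists and uses Buildah's code as a library, so no separate tool has to be installed or invoked to build an image. Suggest rewording to say that Podman's build functionality is provided by Buildah under the hood. In the same bullet, the `![image](...)` link is glued to the end of the sentence with the generic alt text "image"; put it on its own line with descriptive alt text or a caption saying what the figure shows. The rootless claims need qualifying too: "Containers in Podman do not have root access by default" holds only when Podman is started by an unprivileged user, as the next bullet already concedes, and the first section reads as if Docker had no rootless mode, which it does. Style: add a blank line after the "## What about Systemd?" and "## Building images" headings to match "## Podman Rootless?", end the "Rootless containers are considered safer ..." bullet with a period, and drop the trailing spaces after "on its own." and the extra blank lines at the end of the file.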