What took them so long?
replies(2):
On Fedora w/ SELinux that led to quite a bit of compatibility issues for a while with lots of quirky things that didn't behave the same.
I think their implementations have gotten pretty stable and improved in compatibility since then
I teach various Linux training courses. One of which is Containers. It always shocks several people per-class how Docker just blatantly ignores and rewrites existing firewall rules. And there's no real option to prevent that unless you want to manually configure ALL network routing.
For me personally, that was one of the big issues the pushed me over to Podman.
Also, Docker's insistence on "forcing" and preventing the disabling of using the malware-ridden Docker Hub didn't help me appreciate their security practices.[]
[]
https://jfrog.com/blog/attacks-on-docker-with-millions-of-ma...
https://www.infosecurity-magazine.com/news/malicious-contain...
https://www.bleepingcomputer.com/news/security/millions-of-d...
https://www.bleepingcomputer.com/news/security/docker-hub-re...
https://sysdig.com/blog/analysis-of-supply-chain-attacks-thr...
... ETC ...
My workaround has been to bind all docker port forwards to localhost and only ever expose them externally via reverse proxy. Which is annoying because that means I can't run the reverse proxy itself in docker.