(podman-desktop.io)

180 points teleforce | 1 comments | 14 Apr 25 17:16 UTC | HN request time: 0.216s | source

Show context

orthoxerox ◴[14 Apr 25 20:20 UTC] No.43685880[source]▶

What is the killer feature that will make me want to switch from Docker Compose to Podman Quadlets?

replies(7): >>43685989 #>>43685992 #>>43686728 #>>43687129 #>>43687706 #>>43688911 #>>43690483 #

eriksjolund ◴[14 Apr 25 20:32 UTC] No.43685992[source]▶

Podman quadlet supports "Socket activation of containers" https://github.com/containers/podman/blob/main/docs/tutorial... This allows you to run a network server with `Network=none` (--network=none). If the server would be compromised, the intruder would not have the privileges to use the compromised server as a spam bot. There are other advantages, such as support for preserved source IP address and better performance when running a container with rootless Podman + Pasta in a custom network.

replies(2): >>43687323 #>>43687533 #

infogulch ◴[14 Apr 25 23:15 UTC] No.43687323[source]▶

>>43685992 #

That's neat. Does it require 1 connection = 1 process to work? I don't see how you can have a long running server with this feature.

replies(2): >>43687543 #>>43687660 #

1. xyzzy_plugh ◴[15 Apr 25 00:08 UTC] No.43687660[source]▶

>>43687323 #

No, the init process hands over the listener FD allowing the server to accept() connections.

You can also do 1 connection = 1 process, though, but it's absolutely not required nor particular common these days.

↑

Podman Quadlets with Podman Desktop