
1101 points codesmash | 1 comment
1. pvtmert No.45143934
I mean I get the overall benefits of having rootless and all, but the premise of security in this article is a bit misleading.

Obviously, having a daemon running as root is a larger attack surface than a program running as the user.

Going to the github.com/containers/podman/releases, the latest release is actually addressing a security risk that involves overwriting files of the host.

    # v5.6.1 (Latest)
    ## Security
    - This release addresses CVE-2025-9566, where Kubernetes YAML run by podman play kube containing ConfigMap and Secret volumes can use crafted symlinks to overwrite content on the host.
As always, the most secure computer is the one that is unplugged & turned off.
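The release note quoted in the comment describes a symlink-redirection bug: content destined for a volume directory ends up written through a crafted link to a file elsewhere on the host. The following Go program is an added illustration of the defensive pattern for that bug class, not podman's code and not the actual CVE-2025-9566 fix. It checks a requested path component by component, refuses `..` escapes and any symlink, and opens the final target with `O_NOFOLLOW` so a link planted between the check and the open is also rejected. All paths and file names are constructed inside temporary directories; the platform is assumed to be Unix (for `syscall.O_NOFOLLOW`).

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

// ErrEscape is returned when a requested path would leave the volume root,
// either lexically (via "..") or through a symlink in any path component.
var ErrEscape = errors.New("path escapes volume root")

// resolveInsideRoot interprets rel relative to root and refuses absolute
// paths, ".." escapes, and any already-existing component that is a symlink.
// Components that do not exist yet are allowed (the leaf may be created).
func resolveInsideRoot(root, rel string) (string, error) {
	if filepath.IsAbs(rel) {
		return "", ErrEscape
	}
	cleaned := filepath.Clean(rel)
	sep := string(filepath.Separator)
	if cleaned == ".." || strings.HasPrefix(cleaned, ".."+sep) {
		return "", ErrEscape
	}
	cur := root
	for _, part := range strings.Split(cleaned, sep) {
		if part == "." || part == "" {
			continue
		}
		cur = filepath.Join(cur, part)
		fi, err := os.Lstat(cur) // Lstat: do not follow links while inspecting
		if err != nil {
			if os.IsNotExist(err) {
				continue
			}
			return "", err
		}
		if fi.Mode()&os.ModeSymlink != 0 {
			return "", ErrEscape
		}
	}
	return cur, nil
}

// writeVolumeFile writes data to rel under root with the guard above.
// O_NOFOLLOW covers only the final component, so the per-component walk is
// still needed for links in intermediate directories (assumes Unix).
func writeVolumeFile(root, rel string, data []byte) error {
	target, err := resolveInsideRoot(root, rel)
	if err != nil {
		return err
	}
	flags := os.O_WRONLY | os.O_CREATE | os.O_TRUNC | syscall.O_NOFOLLOW
	f, err := os.OpenFile(target, flags, 0o600)
	if err != nil {
		return err
	}
	defer f.Close()
	_, err = f.Write(data)
	return err
}

// demo builds a throwaway "volume" containing a link to a file in a separate
// throwaway "host" directory (both constructed here), then reports whether the
// guarded write refused the link, wrote a plain file, and left the host file
// untouched.
func demo() (linkRefused, plainWritten, hostIntact bool, err error) {
	vol, err := os.MkdirTemp("", "vol-")
	if err != nil {
		return false, false, false, err
	}
	defer os.RemoveAll(vol)
	host, err := os.MkdirTemp("", "host-")
	if err != nil {
		return false, false, false, err
	}
	defer os.RemoveAll(host)

	hostFile := filepath.Join(host, "important.conf")
	if err = os.WriteFile(hostFile, []byte("original\n"), 0o600); err != nil {
		return false, false, false, err
	}
	// Constructed test fixture: a link inside the volume pointing at a host file.
	if err = os.Symlink(hostFile, filepath.Join(vol, "config.yaml")); err != nil {
		return false, false, false, err
	}

	linkErr := writeVolumeFile(vol, "config.yaml", []byte("overwritten\n"))
	plainErr := writeVolumeFile(vol, "plain.txt", []byte("ok\n"))
	got, err := os.ReadFile(hostFile)
	if err != nil {
		return false, false, false, err
	}
	return errors.Is(linkErr, ErrEscape), plainErr == nil, string(got) == "original\n", nil
}

func main() {
	refused, written, intact, err := demo()
	if err != nil {
		fmt.Println("setup error:", err)
		os.Exit(1)
	}
	fmt.Printf("link refused: %v, plain write ok: %v, host file intact: %v\n", refused, written, intact)
}
```

The lexical check alone is not enough: a path such as `config.yaml` is perfectly clean, and only the `Lstat` walk reveals that it is a link leaving the directory. Conversely the walk alone has a time-of-check/time-of-use window, which is what `O_NOFOLLOW` on the final open closes.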