Does this apply to podman as well?
Good question, I don’t know if Podman has a thing like Docker socket
It does, but it’s disabled by default. It’s explicitly for docker compatibility though, not a core part of the application.
I’ve seen this done with namespaces as well. Which should work for podman.
How?
userns-remapI remember seeing another method that was more manual that would have worked for Podman, but I can’t seem to find it now.
Hmm this seems like a solution to an extremely specific problem that may have been created by using docker for things outside its wheelhouse. Why would I have docker automation that I only trust to do specific things?
You might want a nice overview dashboard of your docker services but the tool shouldn’t be able to interfere. I think homepage (the tool) was mentioned as an example since they have a docker integration that only needs reading access
