Running rootless containers with Podman
As we briefly saw in Chapter 4, Managing Running Containers, Podman lets standard users without administrative privileges run containers on a Linux host. These containers are often referred to as "rootless containers."
Rootless containers have many advantages, including the following:
- They create an additional security layer that could block attackers trying to get root privileges on the host, even if the container engine, runtime, or orchestrator has been compromised.
- They can allow many unprivileged users to run containers on the same host, making the most of high-performance computing environments.
Let's think about the approach that any Linux system uses to handle traditional service processes. Usually, package maintainers create a dedicated user for scheduling and running the target process. If we try to install an Apache web server on our favorite Linux distribution...