Podman has a feature that Docker does not yet have: Socket activation of containers.
I created a proof-of-concept demo of how to run an nginx container with rootless Podman and socket activation.
eriksjolund|3 years ago
Using socket activation has some security and performance advantages:
- Native network performance over the socket-activated socket
- Possibility to restrict the network in the container
- Possibility to at the same time restrict the network in Podman and the OCI runtime
- The source IP address is preserved
- Podman installation size can be reduced
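The mechanism behind these points, as an added example that is not part of the original comment or its demo: a service started by socket activation does not open its own listener, it adopts the one systemd hands it via `LISTEN_PID`/`LISTEN_FDS` (fds start at 3). The helper names `inherited_fds`, `adopt` and `serve_once` are hypothetical, and the sketch covers the general systemd protocol rather than nginx specifically.

```python
import os
import socket

SD_LISTEN_FDS_START = 3  # systemd passes inherited sockets starting at fd 3


def inherited_fds(environ=None, pid=None):
    """Return the fd numbers systemd passed, or [] if not socket-activated."""
    environ = os.environ if environ is None else environ
    pid = os.getpid() if pid is None else pid
    try:
        # LISTEN_PID stops a child process from acting on a stale environment.
        if int(environ.get("LISTEN_PID", "")) != pid:
            return []
        count = int(environ.get("LISTEN_FDS", ""))
    except ValueError:
        return []
    if count < 0:
        return []
    return list(range(SD_LISTEN_FDS_START, SD_LISTEN_FDS_START + count))


def adopt(fd):
    """Wrap an inherited fd; reject anything that is not a listening stream socket."""
    sock = socket.socket(fileno=fd)  # family and type are detected from the fd
    listening = sock.getsockopt(socket.SOL_SOCKET, socket.SO_ACCEPTCONN)
    if sock.type != socket.SOCK_STREAM or not listening:
        sock.close()
        raise ValueError(f"fd {fd} is not a listening stream socket")
    return sock


def serve_once(listener, body=b"hello\n"):
    """Accept one connection and return the peer address the service sees."""
    # The service never calls bind() or connect(), so it needs no network
    # access of its own; it only accepts on the socket it was handed.
    conn, peer = listener.accept()
    with conn:
        conn.sendall(body)
    return peer


if __name__ == "__main__":
    fds = inherited_fds()
    if not fds:
        raise SystemExit("not socket-activated: LISTEN_PID/LISTEN_FDS not set for this process")
    print("client address:", serve_once(adopt(fds[0])))
```

Because the connection is accepted directly on the inherited socket, the address returned by `accept()` is the connecting client's own address.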