1.) No one runs rooted docker in prod. Everything is run rootless.
2.) That’s just patently not true. docker inspect is your friend. Also you can build your own containers trusting no-one. FROM scratch (hub.docker.com/_/scratch/)
3.) I think mess here is subjective. Docker folders make way more sense than Snap mounts.
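To make point 2 concrete, here is an added example (not the commenter's code) of using the output of `docker inspect` to check whether containers actually run as a non-root user. The JSON below is a constructed, trimmed sample in the shape `docker inspect` emits; the real command prints many more fields, and a real check would feed it the output of `docker inspect $(docker ps -q)`.

```python
import json

# Constructed sample of `docker inspect` output, trimmed to the fields the
# audit reads. Field names (Config.User, HostConfig.Privileged, HostConfig.CapAdd,
# HostConfig.Binds) are the real ones docker uses.
SAMPLE_INSPECT = json.dumps([
    {
        "Id": "abc123",
        "Name": "/web",
        "Config": {"User": "", "Image": "example/web:1.0"},
        "HostConfig": {
            "Privileged": False,
            "CapAdd": None,
            "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
        },
    },
    {
        "Id": "def456",
        "Name": "/api",
        "Config": {"User": "10001:10001", "Image": "example/api:2.3"},
        "HostConfig": {"Privileged": False, "CapAdd": None, "Binds": None},
    },
])


def audit_inspect(raw_json: str) -> dict:
    """Map each container name to a list of findings (empty list = clean).

    An empty Config.User means no USER was set in the image or at run time,
    so the container process runs as root inside the container.
    """
    findings = {}
    for c in json.loads(raw_json):
        issues = []
        name = (c.get("Name") or c.get("Id", "?")).lstrip("/")

        user = (c.get("Config") or {}).get("User") or ""
        if user == "" or user.split(":")[0] in ("0", "root"):
            issues.append("runs as root (Config.User empty or root)")

        hc = c.get("HostConfig") or {}
        if hc.get("Privileged"):
            issues.append("privileged container")
        for cap in hc.get("CapAdd") or []:
            issues.append(f"added capability {cap}")
        for bind in hc.get("Binds") or []:
            if bind.startswith("/var/run/docker.sock:"):
                issues.append("docker socket mounted into container")

        findings[name] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_inspect(SAMPLE_INSPECT).items():
        status = "OK" if not issues else "; ".join(issues)
        print(f"{name}: {status}")
```

Running it on the sample flags `web` (root user plus the docker socket mounted) and passes `api`, which pins a numeric UID:GID. Note that this checks the user inside the container; whether the daemon itself is rootless is a separate host-level question that `docker info` answers, not `docker inspect`.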