It feels so bad to see the "You need to give Chrome SUID Root for the sandbox to work". Setting a Web Browser SUID Root was an old joke about clueless users. It was the worst security screwup someone could imagine.
reply
Don't build your IDE on Electron then.
reply
Podman seems to handle rootless namespaces just fine, minor caveat for some perf overhead but it's not the end of the world.
reply
And volumes. Volumes are not fun with podman. Ironically my team tried GitHub Codespaces and never looked back. Super cheap and uses DevContainers.
reply
What's the difference between Podman and Docker for volumes? Other than needing to add Z to get volumes to mount with SELinux.
reply
If you're root on a system and use Docker volumes, you can always `sudo ls` and access those volumes outside of the container.

If you're just a user running containers under Podman, it's more tricky.

reply
Maybe permissions when going rootless?
reply