/g/ - Technology


Thread archived.
You cannot reply anymore.




File: 1777600426232736.png (600 KB, 1176x744)
Do you have Docker installed on your computer?
>>
>>108956429
yes but i just use it to remote control the docker on my home server. i think i can set up podman to do it as they are inter compatible in a lot of ways but that will probably introduce issues
>>
>>108956429
Afaik, it's only a thing on windows with WSL-docker integration, is it not?
Either way, you are severely retarded if you allow agents to YOLO on your host, instead of simply confining them to devcontainers.
>>
>>108956472
Adding your user to the docker group is part of the official post-install instructions. There is a little warning that you're giving yourself root privileges, but obviously no one paid attention to that.
>>
>>108956429
It's well-established that if a user can run docker then it's equivalent to root. The docs are clear about this.
If you want a coding agent to be able to run docker commands then just run it in a qemu-kvm VM.
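
Added example, not part of the thread or of Docker's documentation: a shell check for the point made in the posts above, that docker group membership is equivalent to root. It lists supplementary members of the docker group plus users whose primary group is docker; the function names and the sample accounts are assumptions, and the group/passwd data is constructed.

```shell
#!/bin/sh
# List accounts that can reach the Docker daemon via the "docker" group.
# File paths are parameters so the check also works on copies of the
# databases (an image, a backup); defaults are the live system files.
docker_root_equivalents() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    group_name=${3:-docker}

    awk -F: -v g="$group_name" '
        # First file: group database. Record the GID and listed members.
        FNR == NR {
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        # Second file: passwd database. Catch users whose primary group
        # is the docker group; they never appear in the member list.
        gid != "" && $4 == gid { seen[$1] = 1 }
        END { for (u in seen) print u }
    ' "$group_file" "$passwd_file" | sort
}

# Constructed sample databases (hypothetical accounts, not from the thread).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'root:x:0:' 'docker:x:998:alice,agent' 'users:x:100:bob' \
        > "$dir/group"
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' \
        'alice:x:1000:100::/home/alice:/bin/sh' \
        'bob:x:1001:100::/home/bob:/bin/sh' \
        'ci:x:1002:998::/home/ci:/bin/sh' \
        'agent:x:1003:100::/home/agent:/bin/sh' > "$dir/passwd"
    docker_root_equivalents "$dir/group" "$dir/passwd"
    rm -rf "$dir"
}

demo
```

Called with no arguments, docker_root_equivalents reads the live /etc/group and /etc/passwd; it does not see accounts from directory services or check the permissions of the daemon socket itself.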
>>
>>108956447
I've been planning on migrating completely over to podman quadlets.
>>
>>108956429
no, I do not. isn't docker for those who are too lazy or inept to configure software? I use sandboxing but not containers.
>>
>>108956429
No but I might soon, I've been wanting to try out SearXNG.
>>
>>108956505
it's for those who are employed and work on application servers.
>>
>>108956504
never tried that

either way to run the same compose files you run on docker but in podman on fedora you have to change shit like add selinux markers to volume mounts like
    volumes:
      - conf:/app/conf:Z

it's not one-to-one the same as docker and the docker ecosystem IS bigger almost every containerized program has docker instructions before it has kubernetes/podman/anything else
>>
>>108956493
Oh shit, now I remember, I did that too.
So basically any piece of software I run potentially can pull off these docker tricks. Nice.
Anyways, nowadays one should not have more software than necessary. Basically consider that privilege escalation is baked in the modern Loonix slopware by default. With docker or without it. Exception being minimal systems, custom built ones, etc.
>>108956505
If you're a tranny, you sure can spend several weeks every year writing config files, nobody is stopping you. But most people don't care about that bullshit. Software is supposed to work, not require babysitting on a daily basis.
>>
i've been running 24/7 agents on a couple of machines for a few months now.
not containerised. regular user perms, but they can actually get sudo if they need it.
so far? zero problems.
and yes, they were clean installs when they started so they don't actually have my shit.
>>
>>108956548
>not require babysitting on a daily basis
you do that more often when you use docker
>>
File: 1774856634983411.png (163 KB, 498x359)
>>108956429
>Do you have Docker installed on your computer?
uhhm yes, am I kill now?
>>
>>108956582
I don't. Installed it once. Containers spin up when I open a new devcontainer. I would nuke what I don't use once a week maybe. There is no other reason to touch that thing, unless you're some kind of devops idk.
>>
>>108956543
I already have to modify docker compose instructions a lot to try to get slightly more isolation and run rootless. Doing that is like pulling teeth because most people publishing images are complete retards.
>>
>>108956505
For me the advantages of containers are reproducibility and portability (and their semi-declarative nature depending on how you use them). They do also make things easier which is a secondary benefit.
>>
>>108956570
chatgpt post
>>
>>108956779
nah, m8. i'll fuck your mum in her ass kinda post.
>>
>>108956429
literally an "issue" you can solve through RTFM >>108956503
>>
I use podman.
>>
>>108957089
docker is built for morons it should not suggest changing settings that reduce security because morons will blindly follow their suggestions
>>
>>108957098
to be fair, they also linked how to run it truly rootlessly right after that warning
if you then say that should be the default way, I agree
but retards are also retards and if they can't even bother to read then they deserve getting pwn'd
>>
>>108957300
>they deserve getting pwn'd
Disagree. They deserve cloud computing. lmao
>>
>>108957300
why doesn't docker go default rootless while installing it?
>>
>>108957361
ask them, not me
>>
>>108957361
no lol docker rootless is kind of an afterthought response to podman
>>
Docker is amazing. I love her so much I want to impregnate her.
>>
>>108957370
I'm asking you, Fuckface
>>
>>108956429
My docker requires root privileges to run and I'm too lazy to change it. I use WSL.
>>
>>108957377
You said this hoping that someone else would reply, "Docker? I hardly knew her" didn't you?
>>
>>108957399
Yes
>>
>>108957387
you'll remain without an answer then ¯\_(ツ)_/¯
>>
>>108956505
>sandboxing
Elaborate
>>
File: 1696587512294145.jpg (92 KB, 519x519)
>>108957409
>>
>>108957443
It's basically a small box around 6 foot by 6 foot and a few inches deep. Filled with sand so kids can play in it. How do you not know this? Third world poster?
>>
>>108957443
It's like this, see. You build a box on the ground, see. Then you fill it with sand, see. Then you throw your computer in the sand, see.
>>
>>108957361
Docker was marketing itself to enterprises as "lightweight virtual machines" and needed root for all the necessary features to make it feel that way to users.
>>
>>108957472
It's amazing Docker is still in business
>>
>>108957361
Idk, when I was doing docker containers and cared about it, job-related, I set it up rootless. There was definitely such an option. But it was a while ago.
Maybe it is simpler and more straightforward for CI/CD pipelines to have that privileged docker group by default?
>>
>>108957443
firejail --net=none is my best friend when running untrusted software, especially vidya made in unity that constantly tries to send analytics.
>>
>>108956838
grok post
>>
>>108957496
It's amazing you're not dead from AIDS yet
>>
>>108957534
Claude Sonnet post
>>
>>108957541
Bonnie Clyde post
>>
>>108957496
I asked my boss once if we could switch to podman because it's open source and more lightweight and can even run docker-compose shit, he just said "No" lol
we are a small studio of 10 man and very open source oriented, we even develop on firefox first and most of the people use Arch.
Don't know why he said no
>>
>>108957361
just use podman
>>
>>108956623
me neither and I don't waste time with docker
>>
>>108957534
No it's not, I take PrEP
>>
>>108957555
Is your boss CEO of Red Hat Haters?
>>
it's always some brown faggot basedfacing at llms lol
>>
>>108957555
Often cases like this are "don't fix what's not broken"
>>
>>108957652
I never asked him, don't know
>>
>>108956429
Unrelated but spent a few days moving my docker container setup over to podman after deciding to wipe my pi server. It's working well now but did find some images don't work well with rootless podman, or maybe I am just not doing it right.
>>
>>108957660
I'm too lazy to look now, but a few days ago someone posted a story about a """startup""" that wants to attach mini AI data centers to people's homes, and the CEO was an indian larping as a westerner
>>
>>108956429
That Son has lego head.
>>
>>108956429
Yes, I do but my user is not in the Docker group because I'm not a fucking retard and actually understand what that entails.
>>
>>108956429
Another issue that Podman would have prevented. Anyway, you should only run agents on a dedicated and low privilege user.
>>
File: irrelevant.png (142 KB, 667x528)
you're just a bunch of retards believing XY problems must be solved with AI, installing a corporate slop without taking any payment or back thought. soulless drones
>>
>>108956429
docker is the php of container software. the answer is no ofc not
>>
>>108956504
>migrating completely over to podman quadlets
Once it clicks you won't regret it.
>>
>>108956504
>>108960890
I never used docker until podman quadlets. the entire stack never made any sense to me without .container unit files. I still don’t understand why everything instructs people to use docker compose when a unit file actually integrates with your system.
>>
File: 1756921673590332.png (443 KB, 1000x685)
>install a second os on another drive
>encrypt other drives
>give codex full permission
>>
>>108956429
Yes. I have used that trick before.
>>
>>108958913
>docker is the php of container software
It just works?
>>
You can make docker rootless. Normies do not do this however because they are fucking retards
>>
I'm so so tired of "i'm fucking retarded and don't know how to use my computer right, so everyone else must be like me" /g/ ops
>>
>ITT: webshits discover what linux namespaces are
>>
>>108956429
>Do you have Docker installed on your computer?
No.

>>108956629
>because most people publishing images are complete retards.
And that right there is the reason. I have no desire to run an entire system's worth of yolo stitched together from questionable sources just to run some retard's "Works on my laptop!" node.js 3 liner that needs all this bullshit because the retard in question is unable to specify a minimum set of requirements for his garbage.
>>
>>108960890
>quadlets
I'm not anti-sunnyD and was a docker-compose head, so these things spooked me once I read about them and had to use them to get my containers working.
I am now one week into my docker to podman switch and they have moved to just fine now. Still miss compose files ngl but getting used to quadlets.
>>
>>108956503
>>108957089
>the docs
The fucking package should be clear on this you evil kikes, why do you force everyone to use it and then say BUT LE FINE PRINT! It stopped being funny or interesting 100 years ago.
>>
>>108956429
Is there a single person who installed docker but didn’t realize it’s a superuser? It screams at you twice. Even third party services that use docker like winboat scream at you that it’s a su account.
It’s like bitching that the root account you made has root. No shit?
>>
>>108957443
He uses cgroups and namespaces directly like a hackerman


