> Thus, even limited users executing Docker commands are getting those commands fulfilled by a process with root privileges, a further security concern.
I would say: A complete security nightmare which make all kind of "smaller" security issues in other places (e.g. IDE) WAY worse and would put docker on a ban-list if the industry really did care about security.
Through then you _can_ setup docker without this vulnerability AFIK it's just not done by default in most setups and I'm not sure how hard it is.
Docker is already on an informal ban list when it come to US government container deployments in higher classification environments. Most of those situations require Podman based solutions.
This is also related to the Client Server model supported by Docker versus the Fork/Exec Model supported by Podman.
Podman works closely with the HPC (High Performance Computing) world. Checkout the article about how the fastest computers in the world in the most secure facilities in the world are using Podman.
Because by default it does not, and default matter (a lot!).
Also license and cost aspects.
Like ask 100 devs which have Linux and Docker, I would be surprised if more then 10 made sure that docker _can only run_ without root rights (and there are two ways to do so with different complexity and consequences).
Not so much a blacklist as just a cost saving measure, as the other advantage Podman has is you don’t have to pay the Mirantis bill, both in terms of money and IT overhead.
So there’s the answer: industry doesn’t care. Industry is all about ‘just turn off UAC, just run it all as administrator, just click to bypass the unsigned driver dialogs’ as long as it works.
I would say: A complete security nightmare which make all kind of "smaller" security issues in other places (e.g. IDE) WAY worse and would put docker on a ban-list if the industry really did care about security.
Through then you _can_ setup docker without this vulnerability AFIK it's just not done by default in most setups and I'm not sure how hard it is.