switch from docker to podman
Is your feature request related to a problem? Please describe.
Yes. I would like Kasm to move away from Docker altogether and exclusively support Podman as the container backend. While Docker is workable for compliance and security when configured properly, Podman’s rootless, daemonless approach reduces the complexity and risk of misconfiguration (like running it as root and not rootless), providing a simpler and more inherently secure foundation for containerized environments.
Describe the solution you'd like
Ditch Docker and use Podman: Completely transition Kasm to use Podman.
Rootless by Default: Embrace Podman’s rootless model to lower the risks tied to privilege escalations.
Describe alternatives you've considered
Continuing with Docker: While still viable, Docker introduces additional layers of complexity, such as reliance on a daemon and a higher risk from root-level operations.
Supporting Both Docker and Podman: This might split the focus and maintenance effort, potentially slowing down improvements and security enhancements.
Additional context
By implementing Podman, Kasm can provide a more robust, security-focused containerization platform for organizations and self-hosted users. Rootless Podman helps mitigate the impact of misconfigurations and reduces the overall attack surface, aligning with the trend toward zero-trust, compliance-centric deployments.
Hello, has there been any discussion about this somewhere?
I would like to run Kasm Workspaces on Fedora CoreOS, which uses Podman instead of Docker (I could install Docker but want to stay with the defaults).
Not that I'm aware of. Currently I don't really have much time, but still on my to-do list is doing it at least with an Ansible script, and maybe also reworking the complete Ansible script if possible, because executing a script inside of Ansible is nowhere near best practice. But I'm not sure if this would be enough, or if they really have to do something on their side. I wasn't able to look into it :/ And if this is the wrong repository, please, maintainers, let me know where I should reopen this issue :)
I'm going to move this to the Workspaces issue project, since the question is with respect to the platform and not KasmVNC. You could likely run the Kasm Workspace images (desktops and app containers) directly with podman, but to run the Workspaces platform on podman is not supported. It is not something that we could likely support as we use the python docker SDK to control docker, which is the docker REST API. Podman does not support the docker REST API, but from what I understand you can enable it, but it is not 100% compatible or 100% implemented. Additionally, since Podman is rootless, I couldn't say if Kasm would work. I suspect it would take a fair amount of effort on our end to add support for Podman at the platform level.
Which features rely on the REST API?
Hi, thank you very much for moving it into the correct repository, and sorry that it was the wrong one. I absolutely understand that this is not something that is just done by exchanging the docker command with podman. Maybe you need this? https://github.com/containers/podman-py The point is, Podman is by design much more secure than Docker, based on it being rootless by design, which you also already mentioned. Besides the switch to Podman, I would highly recommend making Kasm rootless either way, so even when an attacker could break out of a container or the web UI, the system is not getting completely overtaken directly... Edit: I've seen that there is already an issue for that, #62. But maybe a complete switch to Podman could also solve this issue, because yes, running Docker as rootless is even more annoying than Podman, because you are not able to update podman and compose as system binaries and you have to download both anew every time with the script...