From Windows containers to LXCs, the home lab ecosystem encompasses a handful of containerization platforms. However, Docker has remained the most popular utility for deploying self-hosted applications and services inside isolated environments – and for good reason. It’s easy to use even for beginners, has solid documentation, and is compatible with an armada of tools.
But once you switch to advanced workloads, you might find Docker containers somewhat lacking. After dabbling in Podman for a while, I've found that the tool has quickly surpassed Docker for my self-hosting tasks.
It’s more secure than Docker
Rootless and daemonless? Sign me up!
Docker, by its very design, relies on a daemon (or background process) called dockerd for all its operations. Whether it’s spinning up a new container or managing the ports on your self-hosted services, dockerd gathers the REST API requests made from your Docker client (Docker Desktop, CLI, or other interfaces) and ensures they’re successfully executed.
Unfortunately, Docker’s reliance on a daemon process increases the attack surface of your server, as the daemon is one more privileged component attackers can target. Unless you enable rootless mode in Docker, you’ll have to run your container commands with root privileges, which can lead to privilege escalation should an attacker gain control over your Docker machine.
In contrast, Podman has a daemonless architecture, and relies on the systemd userspace process built into most Linux distros. Unlike Docker, Podman runs containers rootless by default. While these security threats aren’t a big deal for the casual home labber, you’ll want to use every method of mitigating attack vectors once you step into the hardcore services that involve exposing your home network to the Internet.
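To see which situation a given host is in, the following script (an added example, not from the original article) reports whether the installed engines run rootful or rootless. It assumes the `docker info` and `podman info` format fields shown in the comments, and treats membership of the `docker` group as a finding, since that group can drive a rootful daemon.

```shell
#!/bin/sh
# Added example: report whether the local container engines run with root privileges.

# Input: output of `docker info --format '{{.SecurityOptions}}'`.
# A rootless dockerd lists "name=rootless" among its security options.
docker_mode() {
    case "$1" in
        *name=rootless*) echo rootless ;;
        *)               echo rootful ;;
    esac
}

# Input: output of `podman info --format '{{.Host.Security.Rootless}}'`.
podman_mode() {
    case "$1" in
        true)  echo rootless ;;
        false) echo rootful ;;
        *)     echo unknown ;;
    esac
}

# $1 = user, $2 = group(5) line such as "docker:x:999:alice,bob".
# Succeeds if the user is a listed member; with a rootful daemon that
# membership is root-equivalent, because the group may drive dockerd.
in_docker_group() {
    members=$(printf '%s\n' "$2" | cut -d: -f4)
    case ",$members," in
        *",$1,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Query whatever engines are installed; prints nothing if neither is present.
audit() {
    me=$(id -un)
    if command -v docker >/dev/null 2>&1; then
        if opts=$(docker info --format '{{.SecurityOptions}}' 2>/dev/null); then
            echo "docker daemon: $(docker_mode "$opts")"
        fi
        if line=$(getent group docker 2>/dev/null) && in_docker_group "$me" "$line"; then
            echo "note: $me is in the docker group"
        fi
    fi
    if command -v podman >/dev/null 2>&1; then
        echo "podman: $(podman_mode "$(podman info --format '{{.Host.Security.Rootless}}' 2>/dev/null)")"
    fi
    return 0
}

audit
```

Run it as the account that normally manages your containers; running it under sudo will report Podman as rootful because the query itself then runs as root.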
Pods simplify container management
Better isolation for your containerized services
I first encountered pods when experimenting with Kubernetes, and they’ve become a large part of my production-oriented/DevOps-learning suite ever since. If you’ve never heard of pods, they’re a way to group a handful of closely associated containers. At the core of every pod, you’ll find an infra container, which holds the port bindings and namespace used by the other containers residing inside said pod.
If you’re planning to deploy a mail server, a pod will help you bundle the database, reverse proxy, email client, and other containers into a single unit, making them a lot easier to manage. Plus, the shared network namespace makes it easy to connect the underlying containers inside a pod.
Thankfully, Podman features built-in support for pods, so you don’t have to go through the trouble of setting up K8s just to tinker with container pods. As someone pursuing a career in DevOps, Docker’s lack of support for pods makes it less optimal for my home lab experiments.
Perfect companion for immutable distros
It’s especially useful if you’re a Fedora user
Immutable distros, with their read-only core, are better for workloads where security and stability take priority over all else. However, you lose out on the convenience front, as many of your packages can get wiped out by a system update. This also extends to Docker and its daemon-based design, and you could end up losing all your containerization progress after a major update to the underlying OS.
It’s also the reason why our Lead Technical Editor, Adam Conway, chose Podman over Docker when turning his Steam Deck into a self-hosting war machine. SteamOS aside, Fedora distributions include a pre-installed instance of Podman, so you don’t have to go through a grueling process to set up the platform either.
Nevertheless, Docker has its own perks
If you’re familiar with the Docker CLI, transitioning to Podman is relatively easy, since both platforms have similar commands. That said, Podman loses out to Docker on a couple of fronts. Although Podman has its own Compose plugin alongside the highly useful Quadlet facility, it doesn’t have a proper replacement for Docker Compose. Likewise, Docker Swarm is restricted to the Docker ecosystem, and you’ll have to look into the overly complicated K8s if you want to set up a Podman cluster. But if you’re willing to put up with these drawbacks, you won’t regret switching to Podman.
