One of the main advantage of podman is that, it respects the firewall rules. Docker don’t do that. Also having rootless podman means if somehow the container went rogue, it cannot have access to your root directory and perform malicious actions.

Also podman is a drop in replacement for docker. It does not need much configurations to setup. If you need compose, you might need to install podman-compose as well.

A rootless container is good for security.

A lifetime old basic rule is never run anything as root, not even your podman :)

I only ever use rootless podman jn my system and I fond it pretty easy to actually run: zero effort whatsoever.

Why you say it’s complicated?

Yes I always create one unprivileged user (not even in the sudoers or wheel group ofc) for every service I containerize. And create a dedicated network for the service too.

It only takes a few lines in a normal docker compose yaml.

Also I use docker compose on podman, yes docker compose not podman compose.

Edit2: refer to this post of mine on how installed immich on rootless podman https://wiki.gardiol.org/doku.php?id=services%3Aimmich as you can see, the most complex part is… Useradd & mkdir LOL

Edit: also podman play nice with iptables and nft (which should be always preferred nowadays) instead docker can mess your system good, and don’t work with nft tables, unless quirks quirks…