Vaultwarden does this and I’m really frustrated that I have to cap_add NET_BIND_SERVICE in my rootless setup just to make my password server run.
Are you sure you need that? I just added a --user to the docker run and it started just fine on port 80 in the container.
I’m using podman, and I don’t like the practice of unnecessarily setting UIDs. NET_BIND_SERVICE is exactly the flag it needs to set port 80 and it doesn’t potentially complicate accessing the files for maintenance. Does your system have SELinux? If not, that might be why you don’t need it lol.