> I went all in on podman compose last year but went all back because of constant permission errors.

The issue is that "ease of use" and "it just works" come at the expense of security and the principle of least privilege. Docker makes things easy by running a daemon as root. Rootless Podman forces you to think about permissions and does not stab you in the back by overwriting your firewall rules.

Yes, the firewall rule altering was what drove us to podman! Was kind of weird to find a container's Postgres wide open on 5432 after a `sudo ufw default deny`. Madness really.

But as said below, the permissions issues got to us.