
I went from rkt to podman. Podman is compatible with Docker, including the socket/API, but is similar to rkt in that it launches the container as a child when run directly (versus Docker, which runs all containers and storage operations under the daemon). Podman also has integration with systemd[1] though it mostly just generates boilerplate for you, since it works a lot closer to how actual daemons work. (P.S.: You might want `--new` if you want a new container each time the unit starts.)

Podman also supports running in "rootless" mode, using kernel.unprivileged_userns_clone and subuid/subgids for the sandboxing and slirp4netns for the networking. This obviously isn't exactly the same as rootful networking, but it works well enough for 99% of the use cases.

If you are running Linux, I think using Podman instead of Docker is generally a no-brainer. I think the way they've approached rootless support is a lot better than Docker and things "just work" more often than not.

[1]: https://docs.podman.io/en/latest/markdown/podman-generate-sy...
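
A pre-flight check for the rootless prerequisites the comment names (the user-namespace sysctl, subuid/subgid ranges, slirp4netns), as an added example that is not part of the original comment or of Podman itself. The function names, the script file name and the 65536-ID threshold are assumptions; `newuidmap`/`newgidmap` are the shadow-utils helpers that apply the subuid/subgid ranges.

```sh
#!/bin/sh
# Added example: pre-flight check for rootless Podman prerequisites.

# Total subordinate IDs granted to a user in an /etc/subuid or /etc/subgid
# style file (owner:start:count). Owner may be a login name or a numeric UID.
subid_count() {
    _file=$1; _name=$2; _uid=$3
    [ -r "$_file" ] || { echo 0; return 0; }
    awk -F: -v u="$_name" -v n="$_uid" '
        ($1 == u || $1 == n) && $3 ~ /^[0-9]+$/ { total += $3 }
        END { print total + 0 }' "$_file"
}

# Succeeds when unprivileged user namespaces are permitted.
# kernel.unprivileged_userns_clone exists only on kernels carrying that
# distribution patch, so a missing file means the knob is not enforced.
# user.max_user_namespaces=0 disables user namespaces on any kernel.
userns_allowed() {
    _clone=$1; _max=$2
    if [ -r "$_clone" ] && [ "$(cat "$_clone")" = "0" ]; then return 1; fi
    if [ -r "$_max" ] && [ "$(cat "$_max")" = "0" ]; then return 1; fi
    return 0
}

# Run every check against the live host and report what is missing.
rootless_report() {
    _user=$(id -un); _id=$(id -u); _rc=0
    userns_allowed /proc/sys/kernel/unprivileged_userns_clone \
                   /proc/sys/user/max_user_namespaces ||
        { echo "FAIL: unprivileged user namespaces are disabled"; _rc=1; }
    for _f in /etc/subuid /etc/subgid; do
        _n=$(subid_count "$_f" "$_user" "$_id")
        # 65536 is an assumed threshold: the usual default allocation size.
        [ "$_n" -ge 65536 ] ||
            { echo "FAIL: $_f grants $_user only $_n IDs"; _rc=1; }
    done
    for _bin in newuidmap newgidmap slirp4netns; do
        command -v "$_bin" >/dev/null 2>&1 ||
            { echo "FAIL: $_bin not found in PATH"; _rc=1; }
    done
    [ "$_rc" -eq 0 ] && echo "OK: rootless prerequisites look satisfied"
    return "$_rc"
}

# Only touch the live system when asked to (hypothetical file name):
#   sh rootless-check.sh run
if [ "${1:-}" = "run" ]; then rootless_report; fi
```

Run it as the unprivileged account that will own the containers, since the subuid/subgid lookup is per user.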



