dind VS cascade

> ...anything that expects to be managing docker inside docker.

Now that's an interesting problem to have!

If you trust those tools and don't have untrusted users or untrusted code, you can sometimes just mount /var/run/docker.sock and use the VM/VPS/server's Docker directly. It is actually the approach that was used by excellent tools like Portainer, though it's also really risky as well.

Alternatively, you can try to just run Docker in Docker (DinD), which is a bit more tricky and the opinions there are split about whether to do it and when to do it: https://github.com/jpetazzo/dind

Of course, someone might also jump in and suggest that Docker is architecturally problematic (i don't care much, just want my containers to run, then again; i don't deal with untrusted code or any sort of multitenancy) and you should use Podman or another set of technologies, which is interesting advice but would necessitate other approaches.

In short, like with most technologies: Docker and OCI container in general get more messy as your requirements become more advanced. For the problems that they do solve easily (app packaging), they are pretty good, though!

Yes, that cal docker in docker, for do it you need share the master's partition, please check https://github.com/jpetazzo/dind

From my relatively basic understanding of SELinux, it seems like has a lot of powerful mechanisms for enforcing security policy, but a lackluster interface for actually showing violations or creating robust policy.

Luckily, I think there’s a lot of community work coming up to make these policies easier to write and more robust.

For example: https://github.com/dburgener/cascade