Podman has a feature that Docker does not yet have: Socket activation of containers. I created a proof-of-concept demo of how to run an nginx container with rootless Podman and socket activation.

Using socket activation has some security and performance advantages:

- Native network performance over the socket-activated socket

- Possibility to restrict the network in the container

- Possibility to at the same time restrict the network in Podman and the OCI runtime

- The source IP address is preserved

- Podman installation size can be reduced