Got an idea from Reddit:
Dangerous-Report8517
I'd suggest looking into user namespace mapping - Podman defaults to host namespace mapping for convenience (in the rootless world this means that your UID gets mapped to UID 0 in the container), but you can configure it to map container users in a number of different ways, including arbitrary fixed UID/GID mappings as long as they're within the user's subUID and subGID ranges (a bit counter-intuitively you do this by setting the user namespace mode to auto and you can then pass fixed ranges to it as parameters). This lets you have that Linux user/group permission isolation without needing to run each set of containers in a completely different host user account. Might save you from having to run as root to use this if you switched over to that model.
https://docs.podman.io/en/v4.6.1/markdown/options/userns.container.html
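The range check the comment describes, as an added example (not code from the Reddit post or from the Podman project): before handing a fixed mapping to `--userns=auto`, it reads the user's subordinate ranges from subuid/subgid-style files, refuses any CONTAINER:HOST:SIZE triple whose host side falls outside them, and only then emits the `uidmapping=`/`gidmapping=` option string documented at the link above. The user name `alice`, the sample ranges, and the helper function names are constructed for illustration and are not on the page.

```shell
#!/bin/sh
# Added example; not code from the Reddit post or from Podman itself.
# Validate that a requested fixed UID/GID mapping lies inside the invoking
# user's subordinate ID ranges, then build the --userns=auto option that
# forces that mapping (uidmapping=CONTAINER_UID:HOST_UID:SIZE and
# gidmapping=CONTAINER_GID:HOST_GID:SIZE, per the linked Podman docs).
# Assumptions: subuid/subgid files use the standard "name:start:count" form;
# the user "alice" and the ranges below are constructed sample data.

# Print "start count" for user $2 from a subuid/subgid-style file $1
# (prints nothing if the user has no entry).
sub_range() {
    awk -F: -v u="$2" '$1 == u { print $2, $3; exit }' "$1"
}

# Succeed when the host side of mapping C:H:SIZE ($3) fits in [$1, $1+$2).
mapping_fits() {
    host=$(printf '%s' "$3" | cut -d: -f2)
    size=$(printf '%s' "$3" | cut -d: -f3)
    [ "$host" -ge "$1" ] && [ $((host + size)) -le $(($1 + $2)) ]
}

# Print the --userns option for one fixed UID and one fixed GID mapping,
# or fail (non-zero, no output) if the user has no range or a mapping
# leaves it. Usage: userns_option SUBUID_FILE SUBGID_FILE USER UIDMAP GIDMAP
userns_option() {
    uid_range=$(sub_range "$1" "$3")
    gid_range=$(sub_range "$2" "$3")
    [ -n "$uid_range" ] && [ -n "$gid_range" ] || return 1
    # shellcheck disable=SC2086  # intentional split of "start count" into two args
    mapping_fits $uid_range "$4" || return 1
    mapping_fits $gid_range "$5" || return 1
    printf '%s\n' "--userns=auto:uidmapping=$4,gidmapping=$5"
}

# Constructed sample data standing in for /etc/subuid and /etc/subgid.
SAMPLE_DIR=$(mktemp -d)
printf 'alice:100000:65536\nbob:165536:65536\n' > "$SAMPLE_DIR/subuid"
printf 'alice:100000:65536\nbob:165536:65536\n' > "$SAMPLE_DIR/subgid"

# Container UID/GID 1000 -> host 101000, one ID each: inside alice's range.
OPT=$(userns_option "$SAMPLE_DIR/subuid" "$SAMPLE_DIR/subgid" alice 1000:101000:1 1000:101000:1)
echo "$OPT"
# Host 200000 lies in bob's range, not alice's: the request is refused.
if userns_option "$SAMPLE_DIR/subuid" "$SAMPLE_DIR/subgid" alice 1000:200000:1 1000:101000:1; then
    echo "unexpected: out-of-range mapping accepted" >&2
fi
rm -rf "$SAMPLE_DIR"

# On a real host, after validating against /etc/subuid and /etc/subgid:
#   podman run --rm "$OPT" docker.io/library/alpine id
#   podman top CONTAINER user huser    # container user next to the host user it maps to
```

The check treats HOST_UID as the host-visible ID listed in /etc/subuid, which is how the comment describes the constraint; confirm the effective mapping on your own host with `podman top CONTAINER user huser` (and `podman unshare cat /proc/self/uid_map` for the rootless namespace itself), since rootless and rootful `auto` draw from different ranges (rootful `--userns=auto` uses the `containers` user's subordinate ranges). Passing the user name as a parameter lets the same function check either case.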