Link:
MicroOS with Podman seems amazing! You can enable automatic updates for both the server and pods/containers
Something you can do easily on any OS. Auto-updates are easy. What’s more work is implementing secure automatic decryption of user data during boot with attestation or something like clevis/tang.
Link:
Podman containers are rootless so way less attack surface
Can also be done…