Hacker News

d3Xt3r, last Thursday at 7:54 PM

You can also run Docker itself in rootless mode[1]. And if for some reason you don't want to run Docker, you can also use Podman or Incus instead, and they both support Docker images, as well as running unprivileged. Finally, there's also Flox[2], which is a Nix-based application sandbox, that I believe would align more towards your (and OP's) use case (unless you specifically require Docker image compatibility).

So unfortunately your example doesn't illustrate why Apptainer is a better option.

[1] https://docs.docker.com/engine/security/rootless/

[2] https://flox.dev/
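Added example, not code from this thread or from Docker, Podman or Apptainer: two quick checks that "rootless" is actually in effect. The first looks for `name=rootless` in the daemon's security options (`docker info -f '{{.SecurityOptions}}'`); the second reads `/proc/self/uid_map` from inside a container and confirms that container uid 0 is mapped to a non-zero host uid, which is the property that matters on a shared cluster. The functions take the command output as text so the block runs offline on constructed samples; the live commands are in the comments.

```shell
#!/bin/sh
# Added example, not from the HN thread. Checks that a container setup is
# really rootless, written over text input so the constructed samples below
# run offline. Live commands to feed each function are noted in comments.

# 1. Does the Docker daemon report rootless mode?
#    Live input: docker info -f '{{.SecurityOptions}}'
#    A rootless daemon lists "name=rootless" among its security options.
is_rootless_daemon() {
  case "$1" in
    *name=rootless*) return 0 ;;
    *) return 1 ;;
  esac
}

# 2. Inside the container, is uid 0 mapped to an unprivileged host uid?
#    Live input: docker run --rm alpine cat /proc/self/uid_map
#    Each line is "<inside> <outside> <count>". A rootful daemon shows
#    "0 0 4294967295" (container root IS host root); a rootless one maps
#    inside uid 0 to the invoking user's uid and the rest to a subuid range.
uid_map_remaps_root() {
  printf '%s\n' "$1" | awk '$1 == 0 && $2 != 0 { found = 1 } END { exit found ? 0 : 1 }'
}

# Constructed sample inputs: same shape as real output, illustrative values.
ROOTFUL_INFO='[name=apparmor name=seccomp,profile=builtin name=cgroupns]'
ROOTLESS_INFO='[name=seccomp,profile=builtin name=rootless name=cgroupns]'
ROOTFUL_UID_MAP='         0          0 4294967295'
ROOTLESS_UID_MAP='         0       1000          1
         1     100000      65536'

# Combine both checks into one verdict for a labelled setup.
report() {
  # $1 label, $2 `docker info` security options, $3 uid_map contents
  if is_rootless_daemon "$2" && uid_map_remaps_root "$3"; then
    echo "$1: rootless (container root -> unprivileged host uid)"
  else
    echo "$1: NOT rootless; container root is host root"
  fi
}

report "rootful sample" "$ROOTFUL_INFO" "$ROOTFUL_UID_MAP"
report "rootless sample" "$ROOTLESS_INFO" "$ROOTLESS_UID_MAP"
```

The uid_map check is the one worth keeping on a shared machine: a daemon can advertise rootless mode, but what a container can touch on the host is decided by the mapping the kernel actually applied to its user namespace.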


Replies

mbreese, yesterday at 2:59 PM

For a long time you couldn’t run Docker in rootless mode. So Singularity/Apptainer was developed so that the benefit of containers could be used with shared HPC clusters. Podman also didn’t exist at the time.

I don’t know why we should have waited for Docker to get around to supporting a more secured use-case.

With Docker, security has always seemed like an afterthought, which seemed perfectly reasonable considering their original use-case. But that’s not tenable on $$$ HPC clusters with thousands of users. So, the HPC world developed their own solution, better adapted to that environment.