diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a13e78c..0e74c4d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -41,6 +41,8 @@ jobs:
             DOCKER_IMAGE_TAG: latest
           - DOCKER_IMAGE_FLAVOR: dind
             DOCKER_IMAGE_TAG: dind-latest
+          - DOCKER_IMAGE_FLAVOR: dind-rootless
+            DOCKER_IMAGE_TAG: dind-rootless-latest
       fail-fast: true
     steps:
     - name: Show environment variables
diff --git a/image/Dockerfile b/image/Dockerfile
index bc310b6..9307172 100644
--- a/image/Dockerfile
+++ b/image/Dockerfile
@@ -27,7 +27,7 @@ ARG UPX_COMPRESS=true
 
 ARG BASE_LAYER_CACHE_KEY
 
-# dood|dind
+# dood|dind|dind-rootless
 ARG FLAVOR
 
 RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
@@ -124,7 +124,24 @@ RUN --mount=type=bind,source=.shared,target=/mnt/shared <<EOF
     curl -sSfL "https://raw.githubusercontent.com/moby/moby/v24.0.2/hack/dind" -o /usr/local/bin/dind-hack
     chmod +x /usr/local/bin/dind-hack
 
-    usermod -aG docker act
+    if [[ $FLAVOR == dind-rootless ]]; then
+      # https://docs.docker.com/engine/security/rootless/
+      apt-get install --no-install-recommends -y \
+        dbus-user-session \
+        docker-ce-rootless-extras \
+        kmod \
+        iproute2 \
+        slirp4netns \
+        uidmap
+
+      runuser -u act -g act -- /usr/bin/dockerd-rootless-setuptool.sh install --skip-iptables
+
+      # workaround "failed to load plugin io.containerd.internal.v1.opt  error="mkdir /opt/containerd: permission denied"
+      mkdir /opt/containerd
+      chown act:act /opt/containerd
+    else
+      usermod -aG docker act
+    fi
   fi
 
   echo "#################################################"
diff --git a/image/run.sh b/image/run.sh
index 51c0d2d..c55d636 100644
--- a/image/run.sh
+++ b/image/run.sh
@@ -33,7 +33,31 @@ fi
 #################################################################
 # start docker deamon (if installed = DinD)
 #################################################################
-if [[ -f /usr/bin/dockerd ]]; then
+if [[ -f /etc/init.d/docker-rootless ]]; then
+  export DOCKER_MODE=dind-rootless
+  log INFO "Starting Docker engine (rootless)..."
+  export DOCKER_HOST=unix://$HOME/.docker/run/docker.sock
+  if [ ! -f $HOME/.config/docker/daemon.json ]; then
+    # workaround for "Not using native diff for overlay2, this may cause degraded performance for building images: running in a user namespace  storage-driver=overlay2"
+    mkdir -p $HOME/.config/docker
+    echo '{"storage-driver":"fuse-overlayfs"}' > $HOME/.config/docker/daemon.json
+  fi
+
+  export container=docker # from dind-hack
+  export XDG_RUNTIME_DIR=$HOME/.docker/run
+  mkdir -p $XDG_RUNTIME_DIR
+  rm -f $XDG_RUNTIME_DIR/docker.pid $XDG_RUNTIME_DIR/docker/containerd/containerd.pid
+  /usr/bin/dockerd-rootless.sh -p $HOME/.docker/run/docker.pid > "$HOME/.docker/docker.log" 2>&1 &
+  export DOCKER_PID=$!
+  while ! docker stats --no-stream &>/dev/null; do
+    log INFO "Waiting for Docker engine to start..."
+    sleep 2
+    tail -n 1 /data/.docker/docker.log
+  done
+  echo "==========================================================="
+  docker info
+  echo "==========================================================="
+elif [[ -f /usr/bin/dockerd ]]; then
   export DOCKER_MODE=dind
   log INFO "Starting Docker engine..."
   sudo rm -f /var/run/docker.pid /run/docker/containerd/containerd.pid
diff --git a/image/run_runner.sh b/image/run_runner.sh
index 5c12117..58cccde 100644
--- a/image/run_runner.sh
+++ b/image/run_runner.sh
@@ -15,18 +15,20 @@ cd /data
 #################################################################
 # ensure act user has read/write access to /var/run/docker.sock
 #################################################################
-if [[ ! -w /var/run/docker.sock || ! -r /var/run/docker.sock ]]; then
-  docker_group=$(stat -c '%G' /var/run/docker.sock)
-  if [[ $docker_group == "UNKNOWN" ]]; then
-    docker_gid=$(stat -c '%g' /var/run/docker.sock)
-    docker_group="docker$docker_gid"
-    log INFO "Creating group [$docker_group]..."
-    sudo addgroup --gid $docker_gid $docker_group
-  fi
+if [[ $DOCKER_MODE != "dind-rootless" ]]; then
+  if [[ ! -w /var/run/docker.sock || ! -r /var/run/docker.sock ]]; then
+    docker_group=$(stat -c '%G' /var/run/docker.sock)
+    if [[ $docker_group == "UNKNOWN" ]]; then
+      docker_gid=$(stat -c '%g' /var/run/docker.sock)
+      docker_group="docker$docker_gid"
+      log INFO "Creating group [$docker_group]..."
+      sudo addgroup --gid $docker_gid $docker_group
+    fi
 
-  if ! id -nG act | grep -qw "$docker_group"; then
-    log INFO "Adding user [act] to docker group [$(getent group $docker_group)]..."
-    sudo usermod -aG $docker_group act
+    if ! id -nG act | grep -qw "$docker_group"; then
+      log INFO "Adding user [act] to docker group [$(getent group $docker_group)]..."
+      sudo usermod -aG $docker_group act
+    fi
   fi
 fi