Podman: A tool for managing OCI containers and pods.
APACHE-2.0 License
Published by mheon over 2 years ago
This is the first release candidate of Podman v4.2.0. Full release notes are not available at present, but will be for the next RC (expected Monday, July 18, 2022).
Published by mheon over 2 years ago
podman load command now mirrors that of docker load.
podman play kube command could panic if the --log-opt option was used (#13356).
--sdnotify=conmon option could send MAINPID twice.
podman info command could fail when run inside an LXC container.
podman machine VMs on Windows, containers could be prematurely terminated when API forwarding was not running (#13965).
--security-opt option to podman run and podman create did not support the no-new-privileges:true and no-new-privileges:false options (the only supported separator was =, not :) (#14133).
--network none or --network ns:/path/to/ns) could not be restored from checkpoints (#14389).
podman-restart.service could, if enabled, cause system shutdown to hang for 90 seconds (#14434).
podman stats command would, when run as root on a container that had the podman network disconnect command run on it or that set a custom network interface name, return an error (#13824).
podman pod create command would error when the --uidmap option was used (#14233).
--network=host would receive a private network namespace (#13763).
podman machine rm --force would remove files related to the VM before stopping it, causing issues if removal was interrupted.
podman logs would omit the last line of a container's logs if the log did not end in a newline (#14458).
--file-locks option to podman container restore was ignored, such that file locks checkpointed by podman container checkpoint --file-locks were not restored.
--sig-proxy enabled at the exact moment the container that was attached to exited could cause error messages to be printed.
podman machine start command more than once (simultaneously) on the same machine would cause errors.
podman stats command could not be run on containers that were not running (it now reports all-0s statistics for Docker compatibility) (#14498).
STDERR output even if the quiet parameter was true.
podman auto-update command now creates an event when it is run.
Published by mheon over 2 years ago
This release is only intended to provide a set of Podman v3.0 Go bindings that can be used with a Podman v3 service. No user-facing changes have been made.
Published by mheon over 2 years ago
DOCKER_BUILDKIT=0.
podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.
podman machine inspect. This command provides details on the configuration of machine VMs.
podman machine set command can now change the CPUs, memory, and disk space available to machines after they were initially created, using the new --cpus, --disk-size, and --memory options (#13633).
machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable.
podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers (#12768).
podman machine now automatically mount the host's $HOME into the VM, to allow mounting volumes from the host into containers.
podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries.
podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources.
podman play kube command will now set default resource limits when the provided YAML does not include them (#13115).
podman play kube command now supports a new option, --annotation, to add annotations to created containers (#12968).
podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile (#12485).
podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer (#12889).
podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID (#13261) and --color, which colors messages based on what container generated them (#13266).
podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.
podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network (#13521).
podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.
--ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating that the IPC namespace can be shared with other containers (#13265).
--mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter (#13387).
--mount option to the podman create and podman run commands now allows parameters to be passed in CSV format (#13922).
--userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.
podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.
podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.
podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, /etc/resolv.conf, etc) will be mounted inside the container (#12961).
podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file.
podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}} (#14012).
podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined (#14049).
podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization (#13876).
--net=container: option to podman run, podman create, and podman pod create now conflicts with the --add-host option.
slirp4netns) to ensure they can connect to containers started the upgrade.
/etc/hosts file has been rewritten to improve its consistency and handling of edge cases (#12003 and #13224). As part of this, two new options are available in containers.conf: base_hosts_file (to specify a nonstandard location to source the base contents of the container's /etc/hosts) and host_containers_internal_ip (to specify a specific IP address for containers' host.containers.internal entry to point to).
podman image trust show command now includes information on the transport mechanisms allowed.
container_uuid environment variable (#13187).
podman events.
--privileged and --cap-add flags are no longer mutually exclusive (#13449).
--mount option to podman create and podman run could not create anonymous volumes (#13756).
podman machine set command can no longer be used while the VM being updated is running (#13783).
podman generate systemd are now prettyprinted for increased readability.
file event log driver now automatically rotates the log file, preventing it from growing beyond a set size.
--no-trunc flag to podman search now defaults to false, to ensure output is not overly verbose.
podman play kube command did not record the raw image name used to create containers.
podman machine could not start containers which forwarded ports when run on a host with a proxy configured (#13628).
podman machine command could not be connected to when the username of the current user was sufficiently long (#12751).
podman system reset command on Linux did not fully remove virtual machines created by podman machine.
podman machine rm command would error when removing a VM that was never started (#13834).
podman manifest push command could not push to registries that required authentication (#13629).
podman version --format command could not return the OS of the server (#13690).
podman play kube command would error when a volume specified by a configMap already existed (#13715).
podman play kube command did not respect the hostNetwork setting in Pod YAML (#14015).
podman play kube command would, when the --log-driver flag was not specified, ignore Podman's default log driver (#13781).
podman generate kube command could generate YAML with too-long labels (#13962).
podman logs --tail=1 command would fail when the log driver was journald and the container was restarted (#13098).
podman network connect and podman network disconnect commands could leave invalid entries in /etc/hosts (#13533).
--tls-verify option to the remote Podman client's podman build command was nonfunctional.
podman pod inspect command incorrectly reported whether the pod used the host's network (#14028).
-p 8080:8080) would be bound to IPv6 addresses (#12292).
podman info could report an incorrect path to the socket used to access the Podman service (#12023).
no_hosts option in containers.conf (#13719).
bridge.
removing status (#13986).
tlsVerify parameter.
podman play kube on a YAML that only includes configMap objects (and no pods or deployments) now prints a much clearer error message.
Published by mheon over 2 years ago
podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.
podman machine inspect. This command provides details on the configuration of machine VMs.
podman machine set command can now change the CPUs, memory, and disk space available to machines after they were initially created, using the new --cpus, --disk-size, and --memory options (#13633).
machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable.
podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers (#12768).
podman machine now automatically mount the host's $HOME into the VM, to allow mounting volumes from the host into containers.
podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries.
podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources.
podman play kube command will now set default resource limits when the provided YAML does not include them (#13115).
podman play kube command now supports a new option, --annotation, to add annotations to created containers (#12968).
podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile (#12485).
podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer (#12889).
podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID (#13261) and --color, which colors messages based on what container generated them (#13266).
podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.
podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network (#13521).
podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.
--ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating that the IPC namespace can be shared with other containers (#13265).
--mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter (#13387).
--mount option to the podman create and podman run commands now allows parameters to be passed in CSV format (#13922).
--userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.
podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.
podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.
podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, /etc/resolv.conf, etc) will be mounted inside the container (#12961).
podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file.
podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}} (#14012).
podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined (#14049).
podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization (#13876).
--net=container: option to podman run, podman create, and podman pod create now conflicts with the --add-host option.
slirp4netns) to ensure they can connect to containers started the upgrade.
/etc/hosts file has been rewritten to improve its consistency and handling of edge cases (#12003 and #13224). As part of this, two new options are available in containers.conf: base_hosts_file (to specify a nonstandard location to source the base contents of the container's /etc/hosts) and host_containers_internal_ip (to specify a specific IP address for containers' host.containers.internal entry to point to).
podman image trust show command now includes information on the transport mechanisms allowed.
container_uuid environment variable (#13187).
podman events.
--privileged and --cap-add flags are no longer mutually exclusive (#13449).
--mount option to podman create and podman run could not create anonymous volumes (#13756).
podman machine set command can no longer be used while the VM being updated is running (#13783).
podman generate systemd are now prettyprinted for increased readability.
file event log driver now automatically rotates the log file, preventing it from growing beyond a set size.
--no-trunc flag to podman search now defaults to false, to ensure output is not overly verbose.
podman play kube command did not record the raw image name used to create containers.
podman machine could not start containers which forwarded ports when run on a host with a proxy configured (#13628).
podman machine command could not be connected to when the username of the current user was sufficiently long (#12751).
podman machine rm command would error when removing a VM that was never started (#13834).
podman manifest push command could not push to registries that required authentication (#13629).
podman version --format command could not return the OS of the server (#13690).
podman play kube command would error when a volume specified by a configMap already existed (#13715).
podman play kube command did not respect the hostNetwork setting in Pod YAML (#14015).
podman generate kube command could generate YAML with too-long labels (#13962).
podman logs --tail=1 command would fail when the log driver was journald and the container was restarted (#13098).
podman network connect and podman network disconnect commands could leave invalid entries in /etc/hosts (#13533).
--tls-verify option to the remote Podman client's podman build command was nonfunctional.
podman pod inspect command incorrectly reported whether the pod used the host's network (#14028).
-p 8080:8080) would be bound to IPv6 addresses (#12292).
no_hosts option in containers.conf (#13719).
bridge.
removing status (#13986).
tlsVerify parameter.
podman play kube on a YAML that only includes configMap objects (and no pods or deployments) now prints a much clearer error message.
Published by mheon over 2 years ago
podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.
podman machine inspect. This command provides details on the configuration of machine VMs.
podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers (#12768).
podman machine now automatically mount the host's $HOME into the VM, to allow mounting volumes from the host into containers.
podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries.
podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources.
podman play kube command will now set default resource limits when the provided YAML does not include them (#13115).
podman play kube command now supports a new option, --annotation, to add annotations to created containers (#12968).
podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile (#12485).
podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer (#12889).
podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID (#13261) and --color, which colors messages based on what container generated them (#13266).
podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.
podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network (#13521).
podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.
--ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating that the IPC namespace can be shared with other containers (#13265).
--mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter (#13387).
--mount option to the podman create and podman run commands now allows parameters to be passed in CSV format (#13922).
--userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.
podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.
podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.
podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, /etc/resolv.conf, etc) will be mounted inside the container (#12961).
podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file.
--net=container: option to podman run, podman create, and podman pod create now conflicts with the --add-host option.
slirp4netns) to ensure they can connect to containers started the upgrade.
/etc/hosts file has been rewritten to improve its consistency and handling of edge cases (#12003 and #13224). As part of this, two new options are available in containers.conf: base_hosts_file (to specify a nonstandard location to source the base contents of the container's /etc/hosts) and host_containers_internal_ip (to specify a specific IP address for containers' host.containers.internal entry to point to).
podman image trust show command now includes information on the transport mechanisms allowed.
container_uuid environment variable (#13187).
podman events.
--privileged and --cap-add flags are no longer mutually exclusive (#13449).
--mount option to podman create and podman run could not create anonymous volumes (#13756).
podman machine set command can no longer be used while the VM being updated is running (#13783).
podman generate systemd are now prettyprinted for increased readability.
file event log driver now automatically rotates the log file, preventing it from growing beyond a set size.
podman play kube command did not record the raw image name used to create containers.
podman machine could not start containers which forwarded ports when run on a host with a proxy configured (#13628).
podman machine command could not be connected to when the username of the current user was sufficiently long (#12751).
podman machine rm command would error when removing a VM that was never started (#13834).
podman manifest push command could not push to registries that required authentication (#13629).
podman version --format command could not return the OS of the server (#13690).
podman play kube command would error when a volume specified by a configMap already existed (#13715).
podman play kube command did not respect the hostNetwork setting in Pod YAML (#14015).
podman generate kube command could generate YAML with too-long labels (#13962).
podman logs --tail=1 command would fail when the log driver was journald and the container was restarted (#13098).
podman network connect and podman network disconnect commands could leave invalid entries in /etc/hosts (#13533).
--tls-verify option to the remote Podman client's podman build command was nonfunctional.
no_hosts option in containers.conf (#13719).
bridge.
removing status (#13986).
tlsVerify parameter.
podman play kube on a YAML that only includes configMap objects (and no pods or deployments) now prints a much clearer error message.
Published by mheon over 2 years ago
podman top on a container made from a maliciously-crafted image and using a user namespace could allow for code execution in the host context.
Published by mheon over 2 years ago
Published by mheon over 2 years ago
podman images command could, under some circumstances, take an excessive amount of time to list images (#11997).
Published by mheon over 2 years ago
podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448).
podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510).
--device option to podman run and podman create would not be accessible within the container.
containers.conf (#13411).
podman play kube command would produce confusing errors if invalid YAML with duplicated container names was passed (#13332).
podman machine rm command would not remove the Podman API socket on the host that was associated with the VM.
podman version command could sometimes print excess blank lines as part of its output.
podman generate systemd command would sometimes generate systemd services with names beginning with a hyphen (#13272).
.dockerignore file (#13529).
podman machine could not bind ports to specific IPs on the host (#13543).
podman system df were incorrect (#13516).
podman stats were incorrect (#13597).
--no-healthcheck option would still display healthcheck status in podman inspect (#13578).
podman pod rm command could print a warning about a missing cgroup (#13382).
podman exec command could sometimes print a timed out waiting for file error after the process in the container exited (#13227).
podman machine were not tolerant of changes to the path to the qemu binary on the host (#13394).
podman build command did not properly handle the context directory if a Containerfile was manually specified using -f (#13293).
systemd as PID 1 in a container when the entrypoint was prefixed with /bin/sh -c (#13324).
systemd as init, print a warning message about the rootless network namespace (#13703).
podman system service did not delegate all cgroup controllers, resulting in podman info queries against the remote API returning incorrect cgroup controllers (#13710).
slirp4netns port forwarder for rootless Podman would only publish the first port of a range (#13643).
Published by lsm5 over 2 years ago
Published by mheon over 2 years ago
podman play kube command did not honor the mountPropagation field in Pod YAML (#13322).
--build=false option to podman play kube was not honored (#13285).
--volumes-from) could, under certain circumstances, exit with errors that it could not delete some volumes if the other container did not exit before it (#12808).
CONTAINERS_CONF environment variable was not propagated to Conmon, which could result in Podman cleanup processes being run with incorrect configurations.
Published by mheon over 2 years ago
podman top on a container made from a maliciously-crafted image and using a user namespace could allow for code execution in the host context.
podman network connect command now supports three new options, --ip, --ip6, and --mac-address, to specify configuration for the new network that will be attached.
podman network create command now allows the --subnet, --gateway, and --ip-range options to be specified multiple times, to allow for the creation of dual-stack IPv4 and IPv6 networks with user-specified subnets.
--network option to podman create, podman pod create, podman run, and podman play kube can now, when specifying a network name, also specify advanced network options such as alias, ip, mac, and interface_name, allowing advanced configuration of networks when creating containers connected to more than one network.
podman play kube command can now specify the --net option multiple times, to connect created containers and pods to multiple networks.
podman create, podman pod create, and podman run commands now support a new option, --ip6, to specify a static IPv6 address for the created container or pod to use.
-o mode= option.
ipvlan, is now available.
podman info command will now print the network backend in use (Netavark or CNI).
containers.conf via the network_backend field. Please note that it is not recommended to switch backends while containers exist, and a system reboot is recommended after doing so.
--noout, that suppresses all output to STDOUT.
podman rm --force, podman pod rm --force, podman volume rm --force, podman network rm --force) now accept a --time option to specify the timeout on stopping the container before resorting to SIGKILL (identical to the --time flag to podman stop).
podman run and podman create commands now support a new option, --passwd, that uses the /etc/passwd and /etc/groups files from the image in the created container without changes by Podman (#11805).
podman run and podman create commands now support a new option, --hostuser, that creates one or more users in the container based on users from the host (e.g. with matching username, UID, and GID).
podman create and podman run commands now support two new options, --unsetenv and --unsetenv-all, to clear default environment variables set by Podman and by the container image (#11836).
podman rm command now supports a new option, --depend, which recursively removes a given container and all containers that depend on it (#10360).
podman volume ls, podman ps) now support labels specified using regular expressions (e.g. --filter label=some.prefix.com/key/*).
podman pod create command now supports the --volume option, allowing volumes to be specified that will be mounted automatically to all containers in the pod (#10379).
podman pod create command now supports the --device option, allowing devices to be specified that will be mounted automatically to all containers in the pod.
podman pod create command now supports the --volumes-from option, allowing volumes from an existing Podman container to be mounted automatically to all containers in the pod.
podman pod create command now supports the --security-opt option, allowing security settings (e.g. disabling SELinux or Seccomp) to be configured automatically for all containers in the pod (#12173).
podman pod create command now supports the --share-parent option, which defaults to true, controlling whether containers in the pod will use a shared cgroup parent.
podman pod create command now supports the --sysctl option, allowing sysctls to be configured automatically for all containers in the pod.
podman events command now supports the --no-trunc option, which will allow short container IDs to be displayed instead of the default full IDs. The flag defaults to true, so full IDs remain the default (#8941).
podman machine init command now supports a new VM type, wsl, available only on Windows; this uses WSL as a backend for podman machine, instead of creating a separate VM and managing it via QEMU (#12503).
podman machine init command now supports a new option, --now, to start the VM immediately after creating it.
podman machine init command now supports a new option, --volume, to mount contents from the host into the created virtual machine.
podman machine now automatically mount the Podman API socket to the host, so consumers of the Podman or Docker APIs can use them directly from the host machine (#11462).
podman machine now automatically mount certificates from the host's keychain into the virtual machine (#11507).
podman machine now automatically propagate standard proxy environment variables from the host into the virtual machine, including copying any required certificates from SSL_FILE_CERT into the VM.
podman machine ssh command now supports a new option, --username, to specify the username to connect to the VM with.
podman machine now supports ports specified using custom host IPs (e.g. -p 127.0.0.1:8080:80), the UDP protocol, and containers created using the slirp4netns network mode (#11528 and #11728).
podman system connection rm command supports a new option, --all, to remove all available connections (#12018).
podman system service command's default timeout is now configured via containers.conf (using the service_timeout field) instead of hardcoded to 5 seconds.
--mount type=devpts option to podman create and podman run now supports new options: uid, gid, mode, and max.
--volume option to podman create and podman run now supports a new option, :idmap, which uses an ID mapping filesystem to allow multiple containers with disjoint UID and GID ranges mapped into them to access the same volume (#12154).
U option for volumes, which changes the ownership of the mounted volume to ensure the user running in the container can access it, can now be used with the --mount option to podman create and podman run, as well as the --volume option where it was already available.
:O option for volumes, which specifies that an overlay filesystem will be mounted over the volume and ensures changes do not persist, is now supported with named volumes as well as bind mounts.
:O option for volumes now supports two additional options, upperdir and workdir, which allow for specifying custom upper directories and work directories for the created overlay filesystem.
--rootfs) can now create an overlay filesystem atop the user-specified rootfs which ensures changes will not persist by suffixing the user-specified root filesystem with :O.
podman save command has a new option, --uncompressed, which saves the layers of the image without compression (#11613).
passthrough, which logs all output directly to the STDOUT and STDERR of the podman command; it is intended for use in systemd-managed containers.
podman build command now supports two new options, --unsetenv and --all-platforms.
podman image prune command now supports a new option, --external, which allows containers not created by Podman (e.g. temporary containers from Buildah builds) to be pruned (#11472).
podman image prune have been added for Docker compatibility: podman builder prune and podman buildx prune.
podman play kube command now supports a new option, --no-hosts, which uses the /etc/hosts file from the image in all generated containers, preventing any modifications to the hosts file from Podman (#9500).
podman play kube
command now supports a new option, --replace
, which will replace any existing containers and pods with the same names as the containers and pods that will be created by the command (#11481).podman play kube
command now supports a new option, --log-opt
, which allows the logging configuration of generated containers and pods to be adjusted (#11727).podman play kube
command now supports Kubernetes YAML that specifies volumes from a configmap.podman generate systemd
command now supports a new option, --template
, to generate template unit files.podman generate systemd
command now supports a new option, --start-timeout
, to override the default start timeout for generated unit files (#11618).podman generate systemd
command now supports a new option, --restart-sec
, to override the default time before a failed unit is restarted by systemd for generated unit files.podman generate systemd
command now supports three new options, --wants
, --after
, and --requires
, which allow detailed control of systemd dependencies in generated unit files.podman container checkpoint
and podman container restore
commands can now print statistics about the checkpoint operation via a new option, --print-stats
.podman container checkpoint
and podman container restore
commands can now checkpoint and restore containers which make use of file locks via a new option, --file-locks
.podman container restore
command can now be used with containers created using the host IPC namespace (--ipc=host
).podman container checkpoint
and podman container restore
commands now handle checkpointing and restoring the contents of /dev/shm
.podman container checkpoint
and podman container restore
commands are now supported with the remote Podman client (#12007).podman inspect
command on containers now includes additional output fields for checkpointed and restored containers, including information about when the container was checkpointed or restored, and the path to the checkpoint/restore log.podman secret list
command now supports a new option, --filter
, to filter what secrets are returned.podman image scp
command can now be used to transfer images between users (both root and rootless) on the same system, without requiring sshd
.podman image sign
command now supports a new option, --authfile
, to specify an alternative path to authentication credentials (#10866).podman load
command now supports downloading files via HTTP and HTTPS if a URL is given (#11970).podman push
command now supports a new option, --compression-format
, to choose the compression algorithm used to compress image layers.podman volume create
command now allows volumes using the local
driver that require mounting to be used by non-root users. This allows tmpfs
and bind
volumes to be created by non-root users (#12013).podman dial-stdio
, has been added; this command should not be invoked directly, but is used by some clients of the Docker Remote API, and is provided for Docker compatibility (#11668).compat_api_enforce_docker_hub
option in containers.conf
(#12320).make install
makefile target no longer implicitly builds Podman, and will fail if make
was not run prior to it.podman rm --depends
, podman rmi --force
, and podman network rm --force
commands can now remove pods if a they need to remove an infra container (e.g. podman rmi --force
on the infra image will remove all pods and infra containers). Previously, any command that tried to remove an infra container would error.podman system reset
command now removes all networks on the system, in addition to all volumes, pods, containers, and images.CONTAINER_HOST
environment variable is set, Podman will default to connecting to the remote Podman service specified by the environment variable, instead of running containers locally (#11196).podman inspect
on a container has had its JSON tag renamed from Healthcheck
to Health
for improved Docker compatibility. An alias has been added so that using the old name with the --format
option will still work (#11645).podman inspect
on a container (SecondaryIPAddresses
and SecondaryIPv6Addresses
) have been changed from arrays of strings to arrays of structs for improved Docker compatibility (the struct now includes IP address and prefix length).podman volume rm --force
command will now remove containers that depend on the volume that are running (previously, it would only remove stopped containers).podman search
command has been altered to remove the Index, Stars, and Automated columns, as these were not used by registries that are not Dockerhub.host.containers.internal
entry in /etc/hosts
for rootless containers now points to a public IP address of the host machine, to ensure the container can reach the host (the previous value, a slirp4netns address, did not actually point to the host) (#12000).--uidmap
and --gidmap
(#12669).Configured
state is now named Created
, and the previous Created
state is now Initialized
. The podman ps
command already normalized these names for Docker compatibility, so this will only be visible when inspecting containers with podman inspect
.podman machine stop
command will now log when machines are successfully stopped (#11542).podman machine stop
command now waits until the VM has stopped to return; previously, it returned immediately after the shutdown command was sent, without waiting for the VM to shut down.podman machine
now delegate more cgroup controllers to the rootless user used to run containers, allowing for additional resource limits to be used (#13054).podman stop
command will now log a warning to the console if the stop timeout expires and SIGKILL
must be used to stop the container (#11854).--no-trunc
argument to the podman search
command now defaults to true.rootlessport
port forwarder is now handled by a separate binary, not Podman itself, which results in significantly reduced memory usage (#10790).podman system connection ls
command now has a separate output column to show which connection is currently the default (instead appending *
to the default connection's name) (#12019).--kernel-memory
option to podman run
and podman create
has been deprecated in the upstream OCI runtime specification, and is now also deprecated in Podman and will be removed in a future release. Use of the flag will result in a warning.catatoinit
binary used for podman run --init
). This allows pods to be easily used on systems without an internet connection.--rootless-cni
option to podman unshare
has been renamed to --rootless-netns
. The old name has been aliased to the new one and will still function, but may be removed in a future release.--cni-config-dir
option to all Podman commands has been renamed to --network-config-dir
as it will not be used with Netavark as well as CNI. The old name has been aliased to the new one and will still function, but may be removed in a future release.--format
option to all Podman commands has been changed to improved functionality and Docker compatibility (#10974).podman ps --external
flag previously required --all
to also be specified; this is no longer truepodman-machine-cni
CNI plugin has been integrated directly into Podman. The podman-machine-cni
plugin is no longer necessary and should be removed.--device
flag to podman create
, podman run
, and podman pod create
would previously refuse to mount devices when Podman was run as a non-root user and no permission to access the device was available; it will now mount these devices without checking permissions (#12704).host
) (#11448).podman save
command was not automatically removing signatures from saved images.podman run --rm
to return an error that a given container did not exist when trying to remove it, despite it having been safely removed (#11775).podman ps
to return an error if a container was removed while the command was running (#11810).podman play kube
would result in errors (#11803).:z
and :Z
options would be relabelled every time a container was started, not just the first time.podman tag
command on a manifest list could tag an image in the manifest, and not the manifest list itself.podman inspect
(#13083).--userns=keep-id
) could not have any ports forwarded to them.podman system connection ls
command would not print any output (including headers) if no connections were present.--memory-swappiness
option to podman create
and podman run
did not accept 0 as a valid value.containers.conf
for Podman would sometimes not be applied (#12296)./etc/resolv.conf
was a symlink to a directory (#12461).podman container restore
could sometimes restore containers with a different OCI runtime than they had been using before they were checkpointed.--signature-policy
option to be used (with no effect); --signature-policy
is not supported by the remote client (#12357).EXPOSE
could not be run (#12293).:latest
tag (#11964).--blkio-weight-device
option to podman create
and podman run
was nonfunctional.podman generate systemd
command did not support container entrypoints that were specified as JSON arrays (#12477).--hostname
and --pod new:
options, the hostname would be discarded; it is now set as the hostname of the created pod, which will be used by the container.podman network ls
printed networks was not deterministic.podman kill
command would sometimes not print the ID of containers that were killed.podman machine
did not match their timezone to the host system (#11895).podman build
command did not properly propagate non-0 exit codes from Buildah when builds failed.podman build
command could fail to build images when the remote client was run on Windows and the Containerfile contained COPY
instructions (#13119).--secret
option to the podman build
command was nonfunctional.podman build
command would error if given a relative path to a Containerfile (#12841 and #12763).podman generate kube
command would sometimes omit environment variables set in containers from generated YAML.userns=auto
in containers.conf
was not respected (#12615).podman run
command would fail if the host machine did not have a /etc/hosts
file (#12667).podman inspect
reporting incorrect information (#12671).podman inspect
command on containers was URL-encoding special characters in strings (e.g. healthcheck commands).podman generate kube
command would generate YAML including optional environment variables from secrets and configmaps that are not included (#12553).podman pod create
command would ignore the default infra image specified in containers.conf
(#12771).host.containers.internal
entry in /etc/hosts
was set incorrectly to an inaccessible host IP for macvlan
networks (#11351).--userns=auto
) (#12779).cgroupfs
(#12802).--env
option to podman create
and podman run
(#12056).podman stats
command would not show network usage statistics on containers using slirp4netns
for networking (#11695)./dev/shm
mount in the container was not mounted with nosuid
, noexec
, and nodev
mount options.--shm-size
option to podman create
and podman run
interpeted human-readable sizes as KB instead of KiB, and GB instead of GiB (such that a kilobyte was interpreted as 1000 bytes, instead of 1024 bytes) (#13096).--share=cgroup
option to podman pod create
controlled whether the pod used a shared Cgroup parent, not whether the Cgroup namespace was shared (#12765).slirp4netns
network mode was run inside a systemd unit file, systemd could kill the slirp4netns
process, which is shared between all containers for a given user (thus causing all slirp4netns
-mode containers for that user to be unable to connect to the internet) (#13153).podman network connect
and podman network disconnect
commands would not update /etc/resolv.conf
in the container to add or remove the DNS servers of the networks that were connected or disconnected (#9603).noTrunc
query parameter is now ignored as such (#11894).stream=true
query parameter (#12115).Label
and Labels
in the provided JSON configuration (#12102).containers.conf
(#12550).PODMAN_USERNS
environment variable (#11350).HostConfig.StorageOpt
field (#11016).Mounts
field (#12734).sha256:
.size
field (#12468).quiet
query parameter (#12566).aux
JSON (which included the ID of built images) in returned output (#12063).Content-Type
in its responses (#13148).Died
events for containers to die
(previously, died
was used; this was incompatible with Docker's output).exitCode
field in Died
events for containers.TimeNano
field.Published by mheon over 2 years ago
This is the fifth release candidate of Podman v4.0.0.
Preliminary release notes follow:
podman network connect command now supports three new options, --ip, --ip6, and --mac-address, to specify configuration for the new network that will be attached.
podman network create command now allows the --subnet, --gateway, and --ip-range options to be specified multiple times, to allow for the creation of dual-stack IPv4 and IPv6 networks with user-specified subnets.
--network option to podman create, podman pod create, podman run, and podman play kube can now, when specifying a network name, also specify advanced network options such as alias, ip, mac, and interface_name, allowing advanced configuration of networks when creating containers connected to more than one network.
podman play kube command can now specify the --net option multiple times, to connect created containers and pods to multiple networks.
podman create, podman pod create, and podman run commands now support a new option, --ip6, to specify a static IPv6 address for the created container or pod to use.
-o mode= option.
ipvlan, is now available.
podman info command will now print the network backend in use (Netavark or CNI).
containers.conf via the network_backend field. Please note that it is not recommended to switch backends while containers exist, and a system reboot is recommended after doing so.
--noout, that suppresses all output to STDOUT.
podman rm --force, podman pod rm --force, podman volume rm --force, podman network rm --force) now accept a --time option to specify the timeout on stopping the container before resorting to SIGKILL (identical to the --time flag to podman stop).
podman run and podman create commands now support a new option, --passwd, that uses the /etc/passwd and /etc/groups files from the image in the created container without changes by Podman (#11805).
podman run and podman create commands now support a new option, --hostuser, that creates one or more users in the container based on users from the host (e.g. with matching username, UID, and GID).
podman create and podman run commands now support two new options, --unsetenv and --unsetenv-all, to clear default environment variables set by Podman and by the container image (#11836).
podman rm command now supports a new option, --depend, which recursively removes a given container and all containers that depend on it (#10360).
podman volume ls, podman ps) now support labels specified using regular expressions (e.g. --filter label=some.prefix.com/key/*).
podman pod create command now supports the --volume option, allowing volumes to be specified that will be mounted automatically to all containers in the pod (#10379).
podman pod create command now supports the --device option, allowing devices to be specified that will be mounted automatically to all containers in the pod.
podman pod create command now supports the --volumes-from option, allowing volumes from an existing Podman container to be mounted automatically to all containers in the pod.
podman pod create command now supports the --security-opt option, allowing security settings (e.g. disabling SELinux or Seccomp) to be configured automatically for all containers in the pod (#12173).
podman pod create command now supports the --share-parent option, which defaults to true, controlling whether containers in the pod will use a shared cgroup parent.
podman pod create command now supports the --sysctl option, allowing sysctls to be configured automatically for all containers in the pod.
podman events command now supports the --no-trunc option, which will allow short container IDs to be displayed instead of the default full IDs. The flag defaults to true, so full IDs remain the default (#8941).
podman machine init command now supports a new VM type, wsl, available only on Windows; this uses WSL as a backend for podman machine, instead of creating a separate VM and managing it via QEMU (#12503).
podman machine init command now supports a new option, --now, to start the VM immediately after creating it.
podman machine init command now supports a new option, --volume, to mount contents from the host into the created virtual machine.
podman machine now automatically mount certificates from the host's keychain into the virtual machine (#11507).
podman machine now automatically propagate standard proxy environment variables from the host into the virtual machine, including copying any required certificates from SSL_FILE_CERT into the VM.
podman machine ssh command now supports a new option, --username, to specify the username to connect to the VM with.
podman machine now supports ports specified using custom host IPs (e.g. -p 127.0.0.1:8080:80), the UDP protocol, and containers created using the slirp4netns network mode (#11528 and #11728).
podman system connection rm command supports a new option, --all, to remove all available connections (#12018).
podman system service command's default timeout is now configured via containers.conf (using the service_timeout field) instead of hardcoded to 5 seconds.
--mount type=devpts option to podman create and podman run now supports new options: uid, gid, mode, and max.
--volume option to podman create and podman run now supports a new option, :idmap, which uses an ID mapping filesystem to allow multiple containers with disjoint UID and GID ranges mapped into them to access the same volume (#12154).
U option for volumes, which changes the ownership of the mounted volume to ensure the user running in the container can access it, can now be used with the --mount option to podman create and podman run, as well as the --volume option where it was already available.
:O option for volumes, which specifies that an overlay filesystem will be mounted over the volume and ensures changes do not persist, is now supported with named volumes as well as bind mounts.
:O option for volumes now supports two additional options, upperdir and workdir, which allow for specifying custom upper directories and work directories for the created overlay filesystem.
--rootfs) can now create an overlay filesystem atop the user-specified rootfs which ensures changes will not persist by suffixing the user-specified root filesystem with :O.
podman save command has a new option, --uncompressed, which saves the layers of the image without compression (#11613).
passthrough, which logs all output directly to the STDOUT and STDERR of the podman command; it is intended for use in systemd-managed containers.
podman build command now supports two new options, --unsetenv and --all-platforms.
podman image prune command now supports a new option, --external, which allows containers not created by Podman (e.g. temporary containers from Buildah builds) to be pruned (#11472).
podman image prune have been added for Docker compatibility: podman builder prune and podman buildx prune.
podman play kube command now supports a new option, --no-hosts, which uses the /etc/hosts file from the image in all generated containers, preventing any modifications to the hosts file from Podman (#9500).
podman play kube command now supports a new option, --replace, which will replace any existing containers and pods with the same names as the containers and pods that will be created by the command (#11481).
podman play kube command now supports a new option, --log-opt, which allows the logging configuration of generated containers and pods to be adjusted (#11727).
podman play kube command now supports Kubernetes YAML that specifies volumes from a configmap.
podman generate systemd command now supports a new option, --template, to generate template unit files.
podman generate systemd command now supports a new option, --start-timeout, to override the default start timeout for generated unit files (#11618).
podman generate systemd command now supports a new option, --restart-sec, to override the default time before a failed unit is restarted by systemd for generated unit files.
podman generate systemd command now supports three new options, --wants, --after, and --requires, which allow detailed control of systemd dependencies in generated unit files.
podman container checkpoint and podman container restore commands can now print statistics about the checkpoint operation via a new option, --print-stats.
podman container checkpoint and podman container restore commands can now checkpoint and restore containers which make use of file locks via a new option, --file-locks.
podman container restore command can now be used with containers created using the host IPC namespace (--ipc=host).
podman container checkpoint and podman container restore commands now handle checkpointing and restoring the contents of /dev/shm.
podman container checkpoint and podman container restore commands are now supported with the remote Podman client (#12007).
podman inspect command on containers now includes additional output fields for checkpointed and restored containers, including information about when the container was checkpointed or restored, and the path to the checkpoint/restore log.
podman secret list command now supports a new option, --filter, to filter what secrets are returned.
podman image scp command can now be used to transfer images between users (both root and rootless) on the same system, without requiring sshd.
podman image sign command now supports a new option, --authfile, to specify an alternative path to authentication credentials (#10866).
podman load command now supports downloading files via HTTP and HTTPS if a URL is given (#11970).
podman push command now supports a new option, --compression-format, to choose the compression algorithm used to compress image layers.
podman volume create command now allows volumes using the local driver that require mounting to be used by non-root users. This allows tmpfs and bind volumes to be created by non-root users (#12013).
podman dial-stdio, has been added; this command should not be invoked directly, but is used by some clients of the Docker Remote API, and is provided for Docker compatibility (#11668).
compat_api_enforce_docker_hub option in containers.conf (#12320).
make install makefile target no longer implicitly builds Podman, and will fail if make was not run prior to it.
podman rm --depends, podman rmi --force, and podman network rm --force commands can now remove pods if they need to remove an infra container (e.g. podman rmi --force on the infra image will remove all pods and infra containers). Previously, any command that tried to remove an infra container would error.
podman system reset command now removes all networks on the system, in addition to all volumes, pods, containers, and images.
CONTAINER_HOST environment variable is set, Podman will default to connecting to the remote Podman service specified by the environment variable, instead of running containers locally (#11196).
podman inspect on a container has had its JSON tag renamed from Healthcheck to Health for improved Docker compatibility. An alias has been added so that using the old name with the --format option will still work (#11645).
podman inspect on a container (SecondaryIPAddresses and SecondaryIPv6Addresses) have been changed from arrays of strings to arrays of structs for improved Docker compatibility (the struct now includes IP address and prefix length).
podman volume rm --force command will now remove containers that depend on the volume that are running (previously, it would only remove stopped containers).
podman search command has been altered to remove the Index, Stars, and Automated columns, as these were not used by registries that are not Dockerhub.
host.containers.internal entry in /etc/hosts for rootless containers now points to a public IP address of the host machine, to ensure the container can reach the host (the previous value, a slirp4netns address, did not actually point to the host) (#12000).
--uidmap and --gidmap (#12669).
Configured state is now named Created, and the previous Created state is now Initialized. The podman ps command already normalized these names for Docker compatibility, so this will only be visible when inspecting containers with podman inspect.
podman machine stop command will now log when machines are successfully stopped (#11542).
podman machine stop command now waits until the VM has stopped to return; previously, it returned immediately after the shutdown command was sent, without waiting for the VM to shut down.
podman machine now delegate more cgroup controllers to the rootless user used to run containers, allowing for additional resource limits to be used (#13054).
podman stop command will now log a warning to the console if the stop timeout expires and SIGKILL must be used to stop the container (#11854).
--no-trunc argument to the podman search command now defaults to true.
rootlessport port forwarder is now handled by a separate binary, not Podman itself, which results in significantly reduced memory usage (#10790).
podman system connection ls command now has a separate output column to show which connection is currently the default (instead of appending * to the default connection's name) (#12019).
--kernel-memory option to podman run and podman create has been deprecated in the upstream OCI runtime specification, and is now also deprecated in Podman and will be removed in a future release. Use of the flag will result in a warning.
catatonit binary used for podman run --init). This allows pods to be easily used on systems without an internet connection.
--rootless-cni option to podman unshare has been renamed to --rootless-netns. The old name has been aliased to the new one and will still function, but may be removed in a future release.
--cni-config-dir option to all Podman commands has been renamed to --network-config-dir as it will not be used with Netavark as well as CNI. The old name has been aliased to the new one and will still function, but may be removed in a future release.
--format option to all Podman commands has been changed to improve functionality and Docker compatibility (#10974).
podman ps --external flag previously required --all to also be specified; this is no longer true.
podman-machine-cni CNI plugin has been integrated directly into Podman. The podman-machine-cni plugin is no longer necessary and should be removed.
--device flag to podman create, podman run, and podman pod create would previously refuse to mount devices when Podman was run as a non-root user and no permission to access the device was available; it will now mount these devices without checking permissions (#12704).
host) (#11448).
podman save command was not automatically removing signatures from saved images.
podman run --rm to return an error that a given container did not exist when trying to remove it, despite it having been safely removed (#11775).
podman ps to return an error if a container was removed while the command was running (#11810).
podman play kube would result in errors (#11803).
:z and :Z options would be relabelled every time a container was started, not just the first time.
podman tag command on a manifest list could tag an image in the manifest, and not the manifest list itself.
podman inspect (#13083).
--userns=keep-id) could not have any ports forwarded to them.
podman system connection ls command would not print any output (including headers) if no connections were present.
--memory-swappiness option to podman create and podman run did not accept 0 as a valid value.
containers.conf for Podman would sometimes not be applied (#12296).
/etc/resolv.conf was a symlink to a directory (#12461).
podman container restore could sometimes restore containers with a different OCI runtime than they had been using before they were checkpointed.
--signature-policy option to be used (with no effect); --signature-policy is not supported by the remote client (#12357).
EXPOSE could not be run (#12293).
:latest tag (#11964).
--blkio-weight-device option to podman create and podman run was nonfunctional.
podman generate systemd command did not support container entrypoints that were specified as JSON arrays (#12477).
--hostname and --pod new: options, the hostname would be discarded; it is now set as the hostname of the created pod, which will be used by the container.
podman network ls printed networks was not deterministic.
podman kill command would sometimes not print the ID of containers that were killed.
podman machine did not match their timezone to the host system (#11895).
podman build command did not properly propagate non-0 exit codes from Buildah when builds failed.
podman build command could fail to build images when the remote client was run on Windows and the Containerfile contained COPY instructions (#13119).
--secret option to the podman build command was nonfunctional.
podman build command would error if given a relative path to a Containerfile (#12841).
podman generate kube command would sometimes omit environment variables set in containers from generated YAML.
userns=auto in containers.conf was not respected (#12615).
podman run command would fail if the host machine did not have a /etc/hosts file (#12667).
podman inspect reporting incorrect information (#12671).
podman inspect command on containers was URL-encoding special characters in strings (e.g. healthcheck commands).
podman generate kube command would generate YAML including optional environment variables from secrets and configmaps that are not included (#12553).
podman pod create command would ignore the default infra image specified in containers.conf (#12771).
host.containers.internal entry in /etc/hosts was set incorrectly to an inaccessible host IP for macvlan networks (#11351).
--userns=auto) (#12779).
cgroupfs (#12802).
--env option to podman create and podman run (#12056).
podman stats command would not show network usage statistics on containers using slirp4netns for networking (#11695).
/dev/shm mount in the container was not mounted with nosuid, noexec, and nodev mount options.
--shm-size option to podman create and podman run interpreted human-readable sizes as KB instead of KiB, and GB instead of GiB (such that a kilobyte was interpreted as 1000 bytes, instead of 1024 bytes) (#13096).
--share=cgroup option to podman pod create controlled whether the pod used a shared Cgroup parent, not whether the Cgroup namespace was shared (#12765).
slirp4netns network mode was run inside a systemd unit file, systemd could kill the slirp4netns process, which is shared between all containers for a given user (thus causing all slirp4netns-mode containers for that user to be unable to connect to the internet) (#13153).
podman network connect and podman network disconnect commands would not update /etc/resolv.conf in the container to add or remove the DNS servers of the networks that were connected or disconnected (#9603).
noTrunc query parameter is now ignored as such (#11894).
stream=true query parameter (#12115).
Label and Labels in the provided JSON configuration (#12102).
containers.conf (#12550).
PODMAN_USERNS environment variable (#11350).
HostConfig.StorageOpt field (#11016).
Mounts field (#12734).
sha256:.
size field (#12468).
quiet query parameter (#12566).
aux JSON (which included the ID of built images) in returned output (#12063).
Content-Type in its responses (#13148).
Died events for containers to die (previously, died was used; this was incompatible with Docker's output).
exitCode field in Died events for containers.
TimeNano field.
Published by mheon over 2 years ago
This is the fourth release candidate for Podman v4.0.
Preliminary release notes are below:
podman network connect command now supports three new options, --ip, --ip6, and --mac-address, to specify configuration for the new network that will be attached.
podman network create command now allows the --subnet, --gateway, and --ip-range options to be specified multiple times, to allow for the creation of dual-stack IPv4 and IPv6 networks with user-specified subnets.
--network option to podman create, podman pod create, podman run, and podman play kube can now, when specifying a network name, also specify advanced network options such as alias, ip, mac, and interface_name, allowing advanced configuration of networks when creating containers connected to more than one network.
podman play kube command can now specify the --net option multiple times, to connect created containers and pods to multiple networks.
podman create, podman pod create, and podman run commands now support a new option, --ip6, to specify a static IPv6 address for the created container or pod to use.
-o mode= option.
ipvlan, is now available.
podman info command will now print the network backend in use (Netavark or CNI).
containers.conf via the network_backend field. Please note that it is not recommended to switch backends while containers exist, and a system reboot is recommended after doing so.
--noout, that suppresses all output to STDOUT.
podman rm --force, podman pod rm --force, podman volume rm --force, podman network rm --force) now accept a --time option to specify the timeout on stopping the container before resorting to SIGKILL (identical to the --time flag to podman stop).
podman run and podman create commands now support a new option, --passwd, that uses the /etc/passwd and /etc/groups files from the image in the created container without changes by Podman (#11805).
podman run and podman create commands now support a new option, --hostuser, that creates one or more users in the container based on users from the host (e.g. with matching username, UID, and GID).
podman create and podman run commands now support two new options, --unsetenv and --unsetenv-all, to clear default environment variables set by Podman and by the container image (#11836).
podman rm command now supports a new option, --depend, which recursively removes a given container and all containers that depend on it (#10360).
podman volume ls, podman ps) now support labels specified using regular expressions (e.g. --filter label=some.prefix.com/key/*).
podman pod create command now supports the --volume option, allowing volumes to be specified that will be mounted automatically to all containers in the pod (#10379).
podman pod create command now supports the --device option, allowing devices to be specified that will be mounted automatically to all containers in the pod.
podman pod create command now supports the --volumes-from option, allowing volumes from an existing Podman container to be mounted automatically to all containers in the pod.
podman pod create command now supports the --security-opt option, allowing security settings (e.g. disabling SELinux or Seccomp) to be configured automatically for all containers in the pod (#12173).
podman pod create command now supports the --sysctl option, allowing sysctls to be configured automatically for all containers in the pod.
podman events command now supports the --no-trunc option, which will allow short container IDs to be displayed instead of the default full IDs. The flag defaults to true, so full IDs remain the default (#8941).
podman machine init command now supports a new VM type, wsl, available only on Windows; this uses WSL as a backend for podman machine, instead of creating a separate VM and managing it via QEMU (#12503).
podman machine init command now supports a new option, --now, to start the VM immediately after creating it.
podman machine init command now supports a new option, --volume, to mount contents from the host into the created virtual machine.
podman machine now automatically mount certificates from the host's keychain into the virtual machine (#11507).
podman machine now automatically propagate standard proxy environment variables from the host into the virtual machine, including copying any required certificates from SSL_FILE_CERT into the VM.
podman machine ssh command now supports a new option, --username, to specify the username to connect to the VM with.
podman machine now supports ports specified using custom host IPs (e.g. -p 127.0.0.1:8080:80), the UDP protocol, and containers created using the slirp4netns network mode (#11528 and #11728).
podman system connection rm command supports a new option, --all, to remove all available connections (#12018).
podman system service command's default timeout is now configured via containers.conf (using the service_timeout field) instead of hardcoded to 5 seconds.
--mount type=devpts option to podman create and podman run now supports new options: uid, gid, mode, and max.
--volume option to podman create and podman run now supports a new option, :idmap, which uses an ID mapping filesystem to allow multiple containers with disjoint UID and GID ranges mapped into them to access the same volume (#12154).
U option for volumes, which changes the ownership of the mounted volume to ensure the user running in the container can access it, can now be used with the --mount option to podman create and podman run, as well as the --volume option where it was already available.
:O option for volumes, which specifies that an overlay filesystem will be mounted over the volume and ensures changes do not persist, is now supported with named volumes as well as bind mounts.
:O option for volumes now supports two additional options, upperdir and workdir, which allow for specifying custom upper directories and work directories for the created overlay filesystem.
--rootfs) can now create an overlay filesystem atop the user-specified rootfs which ensures changes will not persist by suffixing the user-specified root filesystem with :O.
podman save command has a new option, --uncompressed, which saves the layers of the image without compression (#11613).
passthrough, which logs all output directly to the STDOUT and STDERR of the podman command; it is intended for use in systemd-managed containers.
podman build command now supports two new options, --unsetenv and --all-platforms.
podman image prune command now supports a new option, --external, which allows containers not created by Podman (e.g. temporary containers from Buildah builds) to be pruned (#11472).
podman image prune have been added for Docker compatibility: podman builder prune and podman buildx prune.
podman play kube command now supports a new option, --no-hosts, which uses the /etc/hosts file from the image in all generated containers, preventing any modifications to the hosts file from Podman (#9500).
podman play kube command now supports a new option, --replace, which will replace any existing containers and pods with the same names as the containers and pods that will be created by the command (#11481).
podman play kube command now supports a new option, --log-opt, which allows the logging configuration of generated containers and pods to be adjusted (#11727).
podman play kube command now supports Kubernetes YAML that specifies volumes from a configmap.
podman generate systemd command now supports a new option, --template, to generate template unit files.
podman generate systemd command now supports a new option, --start-timeout, to override the default start timeout for generated unit files (#11618).
podman generate systemd command now supports a new option, --restart-sec, to override the default time before a failed unit is restarted by systemd for generated unit files.
podman generate systemd command now supports three new options, --wants, --after, and --requires, which allow detailed control of systemd dependencies in generated unit files.
podman container checkpoint and podman container restore commands can now print statistics about the checkpoint operation via a new option, --print-stats.
podman container checkpoint and podman container restore commands can now checkpoint and restore containers which make use of file locks via a new option, --file-locks.
podman container restore command can now be used with containers created using the host IPC namespace (--ipc=host).
podman container checkpoint and podman container restore commands now handle checkpointing and restoring the contents of /dev/shm.
podman container checkpoint and podman container restore commands are now supported with the remote Podman client (#12007).
podman inspect command on containers now includes additional output fields for checkpointed and restored containers, including information about when the container was checkpointed or restored, and the path to the checkpoint/restore log.
podman secret list command now supports a new option, --filter, to filter what secrets are returned.
podman image scp command can now be used to transfer images between users (both root and rootless) on the same system, without requiring sshd.
podman image sign command now supports a new option, --authfile, to specify an alternative path to authentication credentials (#10866).
podman load command now supports downloading files via HTTP and HTTPS if a URL is given (#11970).
podman push command now supports a new option, --compression-format, to choose the compression algorithm used to compress image layers.
podman volume create command now allows volumes using the local driver that require mounting to be used by non-root users. This allows tmpfs and bind volumes to be created by non-root users (#12013).
podman dial-stdio, has been added; this command should not be invoked directly, but is used by some clients of the Docker Remote API, and is provided for Docker compatibility (#11668).
compat_api_enforce_docker_hub option in containers.conf (#12320).
make install makefile target no longer implicitly builds Podman, and will fail if make was not run prior to it.
podman rm --depends, podman rmi --force, and podman network rm --force commands can now remove pods if they need to remove an infra container (e.g. podman rmi --force on the infra image will remove all pods and infra containers). Previously, any command that tried to remove an infra container would error.
podman system reset command now removes all networks on the system, in addition to all volumes, pods, containers, and images.
CONTAINER_HOST environment variable is set, Podman will default to connecting to the remote Podman service specified by the environment variable, instead of running containers locally (#11196).
podman inspect on a container has had its JSON tag renamed from Healthcheck to Health for improved Docker compatibility. An alias has been added so that using the old name with the --format option will still work (#11645).
podman inspect on a container (SecondaryIPAddresses and SecondaryIPv6Addresses) have been changed from arrays of strings to arrays of structs for improved Docker compatibility (the struct now includes IP address and prefix length).
podman volume rm --force command will now remove containers that depend on the volume that are running (previously, it would only remove stopped containers).
podman search command has been altered to remove the Index, Stars, and Automated columns, as these were not used by registries that are not Dockerhub.
host.containers.internal entry in /etc/hosts for rootless containers now points to a public IP address of the host machine, to ensure the container can reach the host (the previous value, a slirp4netns address, did not actually point to the host) (#12000).
--uidmap and --gidmap (#12669).
Configured state is now named Created, and the previous Created state is now Initialized. The podman ps command already normalized these names for Docker compatibility, so this will only be visible when inspecting containers with podman inspect.
podman machine stop command will now log when machines are successfully stopped (#11542).
podman machine stop command now waits until the VM has stopped to return; previously, it returned immediately after the shutdown command was sent, without waiting for the VM to shut down.
podman machine now delegate more cgroup controllers to the rootless user used to run containers, allowing for additional resource limits to be used (#13054).
podman stop command will now log a warning to the console if the stop timeout expires and SIGKILL must be used to stop the container (#11854).
--no-trunc argument to the podman search command now defaults to true.
rootlessport port forwarder is now handled by a separate binary, not Podman itself, which results in significantly reduced memory usage (#10790).
podman system connection ls command now has a separate output column to show which connection is currently the default (instead of appending * to the default connection's name) (#12019).
--kernel-memory option to podman run and podman create has been deprecated in the upstream OCI runtime specification, and is now also deprecated in Podman and will be removed in a future release. Use of the flag will result in a warning.
catatonit binary used for podman run --init). This allows pods to be easily used on systems without an internet connection.
--rootless-cni option to podman unshare has been renamed to --rootless-netns. The old name has been aliased to the new one and will still function, but may be removed in a future release.
--cni-config-dir option to all Podman commands has been renamed to --network-config-dir as it will now be used with Netavark as well as CNI. The old name has been aliased to the new one and will still function, but may be removed in a future release.
--format option to all Podman commands has been changed to improve functionality and Docker compatibility (#10974).
podman ps --external flag previously required --all to also be specified; this is no longer true.
podman-machine-cni CNI plugin has been integrated directly into Podman. The podman-machine-cni plugin is no longer necessary and should be removed.
--device flag to podman create, podman run, and podman pod create would previously refuse to mount devices when Podman was run as a non-root user and no permission to access the device was available; it will now mount these devices without checking permissions (#12704).
host) (#11448).
podman save command was not automatically removing signatures from saved images.
podman run --rm to return an error that a given container did not exist when trying to remove it, despite it having been safely removed (#11775).
podman ps to return an error if a container was removed while the command was running (#11810).
podman play kube would result in errors (#11803).
:z and :Z options would be relabelled every time a container was started, not just the first time.
podman tag command on a manifest list could tag an image in the manifest, and not the manifest list itself.
--userns=keep-id) could not have any ports forwarded to them.
podman system connection ls command would not print any output (including headers) if no connections were present.
--memory-swappiness option to podman create and podman run did not accept 0 as a valid value.
containers.conf for Podman would sometimes not be applied (#12296).
/etc/resolv.conf was a symlink to a directory (#12461).
podman container restore could sometimes restore containers with a different OCI runtime than they had been using before they were checkpointed.
--signature-policy option to be used (with no effect); --signature-policy is not supported by the remote client (#12357).
EXPOSE could not be run (#12293).
:latest tag (#11964).
--blkio-weight-device option to podman create and podman run was nonfunctional.
podman generate systemd command did not support container entrypoints that were specified as JSON arrays (#12477).
--hostname and --pod new: options, the hostname would be discarded; it is now set as the hostname of the created pod, which will be used by the container.
podman network ls printed networks was not deterministic.
podman kill command would sometimes not print the ID of containers that were killed.
podman machine did not match their timezone to the host system (#11895).
podman build command did not properly propagate non-0 exit codes from Buildah when builds failed.
podman build command could fail to build images when the remote client was run on Windows and the Containerfile contained COPY instructions (#13119).
--secret option to the podman build command was nonfunctional.
podman build command would error if given a relative path to a Containerfile (#12841).
podman generate kube command would sometimes omit environment variables set in containers from generated YAML.
userns=auto in containers.conf was not respected (#12615).
podman run command would fail if the host machine did not have a /etc/hosts file (#12667).
podman inspect reporting incorrect information (#12671).
podman inspect command on containers was URL-encoding special characters in strings (e.g. healthcheck commands).
podman generate kube command would generate YAML including optional environment variables from secrets and configmaps that are not included (#12553).
podman pod create command would ignore the default infra image specified in containers.conf (#12771).
host.containers.internal entry in /etc/hosts was set incorrectly to an inaccessible host IP for macvlan networks (#11351).
--userns=auto) (#12779).
cgroupfs (#12802).
--env option to podman create and podman run (#12056).
podman stats command would not show network usage statistics on containers using slirp4netns for networking (#11695).
/dev/shm mount in the container was not mounted with nosuid, noexec, and nodev mount options.
--shm-size option to podman create and podman run interpreted human-readable sizes as KB instead of KiB, and GB instead of GiB (such that a kilobyte was interpreted as 1000 bytes, instead of 1024 bytes) (#13096).
noTrunc query parameter is now ignored as such (#11894).
stream=true query parameter (#12115).
Label and Labels in the provided JSON configuration (#12102).
containers.conf (#12550).
PODMAN_USERNS environment variable (#11350).
HostConfig.StorageOpt field (#11016).
Mounts field (#12734).
sha256:.
size field (#12468).
quiet query parameter (#12566).
aux JSON (which included the ID of built images) in returned output (#12063).
Died events for containers to die (previously, died was used; this was incompatible with Docker's output).
exitCode field in Died events for containers.
TimeNano field.

Published by mheon over 2 years ago
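The release notes above (for this release candidate and for the release before it) list a fix for the container's /dev/shm not being mounted with nosuid, noexec, and nodev. The following is an added example, not code from the Podman project: a shell function that checks a mount table for those three options on /dev/shm. The function name `missing_shm_opts` and the sample mount lines are constructed for illustration.

```shell
#!/bin/sh
# missing_shm_opts (hypothetical helper name): read /proc/mounts-format text on
# stdin and report which of nosuid, nodev, noexec the /dev/shm mount lacks.
#   stdout : space-separated missing options (nothing when all are present)
#   status : 0 = all three present, 1 = one or more missing, 2 = no /dev/shm mount
# Typical use against a running container (requires cat in the image):
#   podman exec <container> cat /proc/mounts | missing_shm_opts
missing_shm_opts() {
    awk '
        # Fields: device mountpoint fstype options dump pass.
        # If /dev/shm appears more than once, the last (topmost) mount wins.
        $2 == "/dev/shm" {
            found = 1
            split("", have)                      # portable way to clear an array
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) have[opts[i]] = 1
        }
        END {
            if (!found) exit 2
            n = split("nosuid nodev noexec", want, " ")
            out = ""
            for (i = 1; i <= n; i++)
                if (!(want[i] in have)) out = out (out == "" ? "" : " ") want[i]
            if (out != "") { print out; exit 1 }
        }
    '
}

# Constructed sample mount tables (not captured from a real system).
# The /proc line carries all three options, so a check that greps the whole
# table instead of matching the /dev/shm mountpoint would pass incorrectly.
SAMPLE_BEFORE='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
shm /dev/shm tmpfs rw,relatime,size=64000k 0 0'
SAMPLE_PARTIAL='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
shm /dev/shm tmpfs rw,nosuid,nodev,relatime,size=64000k 0 0'
SAMPLE_AFTER='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
shm /dev/shm tmpfs rw,nosuid,nodev,noexec,relatime,size=64000k 0 0'

# Print a one-line verdict for a labelled mount table.
report() {
    if miss=$(printf '%s\n' "$2" | missing_shm_opts); then
        echo "$1: /dev/shm carries nosuid, nodev, noexec"
    else
        echo "$1: /dev/shm missing: ${miss:-<no /dev/shm mount found>}"
    fi
}

report "constructed, options absent" "$SAMPLE_BEFORE"
report "constructed, noexec absent"  "$SAMPLE_PARTIAL"
report "constructed, all present"    "$SAMPLE_AFTER"
```

The exit status makes the function usable as a gate in a CI job or a host audit script that iterates over running containers.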
This is the third release candidate of Podman v4.0.0. Preliminary release notes are below:
podman network connect command now supports three new options, --ip, --ip6, and --mac-address, to specify configuration for the new network that will be attached.
podman network create command now allows the --subnet, --gateway, and --ip-range options to be specified multiple times, to allow for the creation of dual-stack IPv4 and IPv6 networks with user-specified subnets.
--network option to podman create, podman pod create, podman run, and podman play kube can now, when specifying a network name, also specify advanced network options such as alias, ip, mac, and interface_name, allowing advanced configuration of networks when creating containers connected to more than one network.
podman play kube command can now specify the --net option multiple times, to connect created containers and pods to multiple networks.
podman create, podman pod create, and podman run commands now support a new option, --ip6, to specify a static IPv6 address for the created container or pod to use.
-o mode= option.
ipvlan, is now available.
podman info command will now print the network backend in use (Netavark or CNI).
containers.conf via the network_backend field. Please note that it is not recommended to switch backends while containers exist, and a system reboot is recommended after doing so.
--noout, that suppresses all output to STDOUT.
podman rm --force, podman pod rm --force, podman volume rm --force, podman network rm --force) now accept a --time option to specify the timeout on stopping the container before resorting to SIGKILL (identical to the --time flag to podman stop).
podman run and podman create commands now support a new option, --passwd, that uses the /etc/passwd and /etc/groups files from the image in the created container without changes by Podman (#11805).
podman run and podman create commands now support a new option, --hostuser, that creates one or more users in the container based on users from the host (e.g. with matching username, UID, and GID).
podman create and podman run commands now support two new options, --unsetenv and --unsetenv-all, to clear default environment variables set by Podman and by the container image (#11836).
podman rm command now supports a new option, --depend, which recursively removes a given container and all containers that depend on it (#10360).
podman volume ls, podman ps) now support labels specified using regular expressions (e.g. --filter label=some.prefix.com/key/*).
podman pod create command now supports the --volume option, allowing volumes to be specified that will be mounted automatically to all containers in the pod (#10379).
podman pod create command now supports the --device option, allowing devices to be specified that will be mounted automatically to all containers in the pod.
podman pod create command now supports the --volumes-from option, allowing volumes from an existing Podman container to be mounted automatically to all containers in the pod.
podman pod create command now supports the --security-opt option, allowing security settings (e.g. disabling SELinux or Seccomp) to be configured automatically for all containers in the pod (#12173).
podman pod create command now supports the --sysctl option, allowing sysctls to be configured automatically for all containers in the pod.
podman events command now supports the --no-trunc option, which will allow short container IDs to be displayed instead of the default full IDs. The flag defaults to true, so full IDs remain the default (#8941).
podman machine init command now supports a new VM type, wsl, available only on Windows; this uses WSL as a backend for podman machine, instead of creating a separate VM and managing it via QEMU (#12503).
podman machine init command now supports a new option, --now, to start the VM immediately after creating it.
podman machine init command now supports a new option, --volume, to mount contents from the host into the created virtual machine.
podman machine now automatically mount certificates from the host's keychain into the virtual machine (#11507).
podman machine now automatically propagate standard proxy environment variables from the host into the virtual machine, including copying any required certificates from SSL_FILE_CERT into the VM.
podman machine ssh command now supports a new option, --username, to specify the username to connect to the VM with.
podman machine now supports ports specified using custom host IPs (e.g. -p 127.0.0.1:8080:80), the UDP protocol, and containers created using the slirp4netns network mode (#11528 and #11728).
podman system connection rm command supports a new option, --all, to remove all available connections (#12018).
podman system service command's default timeout is now configured via containers.conf (using the service_timeout field) instead of hardcoded to 5 seconds.
--mount type=devpts option to podman create and podman run now supports new options: uid, gid, mode, and max.
--volume option to podman create and podman run now supports a new option, :idmap, which uses an ID mapping filesystem to allow multiple containers with disjoint UID and GID ranges mapped into them to access the same volume (#12154).
U option for volumes, which changes the ownership of the mounted volume to ensure the user running in the container can access it, can now be used with the --mount option to podman create and podman run, as well as the --volume option where it was already available.
:O option for volumes, which specifies that an overlay filesystem will be mounted over the volume and ensures changes do not persist, is now supported with named volumes as well as bind mounts.
:O option for volumes now supports two additional options, upperdir and workdir, which allow for specifying custom upper directories and work directories for the created overlay filesystem.
--rootfs) can now create an overlay filesystem atop the user-specified rootfs which ensures changes will not persist by suffixing the user-specified root filesystem with :O.
podman save command has a new option, --uncompressed, which saves the layers of the image without compression (#11613).
passthrough, which logs all output directly to the STDOUT and STDERR of the podman command; it is intended for use in systemd-managed containers.
podman build command now supports two new options, --unsetenv and --all-platforms.
podman image prune command now supports a new option, --external, which allows containers not created by Podman (e.g. temporary containers from Buildah builds) to be pruned (#11472).
podman image prune have been added for Docker compatibility: podman builder prune and podman buildx prune.
podman play kube command now supports a new option, --no-hosts, which uses the /etc/hosts file from the image in all generated containers, preventing any modifications to the hosts file from Podman (#9500).
podman play kube command now supports a new option, --replace, which will replace any existing containers and pods with the same names as the containers and pods that will be created by the command (#11481).
podman play kube command now supports a new option, --log-opt, which allows the logging configuration of generated containers and pods to be adjusted (#11727).
podman play kube command now supports Kubernetes YAML that specifies volumes from a configmap.
podman generate systemd command now supports a new option, --template, to generate template unit files.
podman generate systemd command now supports a new option, --start-timeout, to override the default start timeout for generated unit files (#11618).
podman generate systemd command now supports a new option, --restart-sec, to override the default time before a failed unit is restarted by systemd for generated unit files.
podman generate systemd command now supports three new options, --wants, --after, and --requires, which allow detailed control of systemd dependencies in generated unit files.
podman container checkpoint and podman container restore commands can now print statistics about the checkpoint operation via a new option, --print-stats.
podman container checkpoint and podman container restore commands can now checkpoint and restore containers which make use of file locks via a new option, --file-locks.
podman container restore command can now be used with containers created using the host IPC namespace (--ipc=host).
podman container checkpoint and podman container restore commands now handle checkpointing and restoring the contents of /dev/shm.
podman container checkpoint and podman container restore commands are now supported with the remote Podman client (#12007).
podman inspect command on containers now includes additional output fields for checkpointed and restored containers, including information about when the container was checkpointed or restored, and the path to the checkpoint/restore log.
podman secret list command now supports a new option, --filter, to filter what secrets are returned.
podman image scp command can now be used to transfer images between users (both root and rootless) on the same system, without requiring sshd.
podman image sign command now supports a new option, --authfile, to specify an alternative path to authentication credentials (#10866).
podman load command now supports downloading files via HTTP and HTTPS if a URL is given (#11970).
podman push command now supports a new option, --compression-format, to choose the compression algorithm used to compress image layers.
podman volume create command now allows volumes using the local driver that require mounting to be used by non-root users. This allows tmpfs and bind volumes to be created by non-root users (#12013).
podman dial-stdio, has been added; this command should not be invoked directly, but is used by some clients of the Docker Remote API, and is provided for Docker compatibility (#11668).
compat_api_enforce_docker_hub option in containers.conf (#12320).
make install makefile target no longer implicitly builds Podman, and will fail if make was not run prior to it.
podman rm --depends, podman rmi --force, and podman network rm --force commands can now remove pods if they need to remove an infra container (e.g. podman rmi --force on the infra image will remove all pods and infra containers). Previously, any command that tried to remove an infra container would error.
CONTAINER_HOST environment variable is set, Podman will default to connecting to the remote Podman service specified by the environment variable, instead of running containers locally (#11196).
podman inspect on a container has had its JSON tag renamed from Healthcheck to Health for improved Docker compatibility. An alias has been added so that using the old name with the --format option will still work (#11645).
podman inspect on a container (SecondaryIPAddresses and SecondaryIPv6Addresses) have been changed from arrays of strings to arrays of structs for improved Docker compatibility (the struct now includes IP address and prefix length).
podman volume rm --force command will now remove containers that depend on the volume that are running (previously, it would only remove stopped containers).
podman search command has been altered to remove the Index, Stars, and Automated columns, as these were not used by registries that are not Dockerhub.
host.containers.internal entry in /etc/hosts for rootless containers now points to a public IP address of the host machine, to ensure the container can reach the host (the previous value, a slirp4netns address, did not actually point to the host) (#12000).
--uidmap and --gidmap (#12669).
Configured state is now named Created, and the previous Created state is now Initialized. The podman ps command already normalized these names for Docker compatibility, so this will only be visible when inspecting containers with podman inspect.
podman machine stop command will now log when machines are successfully stopped (#11542).
podman stop command will now log a warning to the console if the stop timeout expires and SIGKILL must be used to stop the container (#11854).
--no-trunc argument to the podman search command now defaults to true.
rootlessport port forwarder is now handled by a separate binary, not Podman itself, which results in significantly reduced memory usage (#10790).
podman system connection ls command now has a separate output column to show which connection is currently the default (instead of appending * to the default connection's name) (#12019).
--kernel-memory option to podman run and podman create has been deprecated in the upstream OCI runtime specification, and is now also deprecated in Podman and will be removed in a future release. Use of the flag will result in a warning.
catatonit binary used for podman run --init). This allows pods to be easily used on systems without an internet connection.
--rootless-cni option to podman unshare has been renamed to --rootless-netns. The old name has been aliased to the new one and will still function, but may be removed in a future release.
--cni-config-dir option to all Podman commands has been renamed to --network-config-dir as it will now be used with Netavark as well as CNI. The old name has been aliased to the new one and will still function, but may be removed in a future release.
--format option to all Podman commands has been changed to improve functionality and Docker compatibility (#10974).
podman ps --external flag previously required --all to also be specified; this is no longer true.
podman machine stop command now waits until the VM has stopped to return; previously, it returned immediately after the shutdown command was sent, without waiting for the VM to shut down.
podman-machine-cni
CNI plugin has been integrated directly into Podman. The podman-machine-cni
plugin is no longer necessary and should be removed.--device
flag to podman create
, podman run
, and podman pod create
would previously refuse to mount devices when Podman was run as a non-root user and no permission to access the device was available; it will now mount these devices without checking permissions (#12704).host
) (#11448).podman save
command was not automatically removing signatures from saved images.podman run --rm
to return an error that a given container did not exist when trying to remove it, despite it having been safely removed (#11775).podman ps
to return an error if a container was removed while the command was running (#11810).podman play kube
would result in errors (#11803).:z
and :Z
options would be relabelled every time a container was started, not just the first time.podman tag
command on a manifest list could tag an image in the manifest, and not the manifest list itself.--userns=keep-id
) could not have any ports forwarded to them.podman system connection ls
command would not print any output (including headers) if no connections were present.--memory-swappiness
option to podman create
and podman run
did not accept 0 as a valid value.containers.conf
for Podman would sometimes not be applied (#12296)./etc/resolv.conf
was a symlink to a directory (#12461).podman container restore
could sometimes restore containers with a different OCI runtime than they had been using before they were checkpointed.--signature-policy
option to be used (with no effect); --signature-policy
is not supported by the remote client (#12357).EXPOSE
could not be run (#12293).:latest
tag (#11964).--blkio-weight-device
option to podman create
and podman run
was nonfunctional.podman generate systemd
command did not support container entrypoints that were specified as JSON arrays (#12477).--hostname
and --pod new:
options, the hostname would be discarded; it is now set as the hostname of the created pod, which will be used by the container.podman network ls
printed networks was not deterministic.podman kill
command would sometimes not print the ID of containers that were killed.podman machine
did not match their timezone to the host system (#11895).podman build
command did not properly propagate non-0 exit codes from Buildah when builds failed.--secret
option to the podman build
command was nonfunctional.podman build
command would error if given a relative path to a Containerfile (#12841).podman generate kube
command would sometimes omit environment variables set in containers from generated YAML.userns=auto
in containers.conf
was not respected (#12615).podman run
command would fail if the host machine did not have a /etc/hosts
file (#12667).podman inspect
reporting incorrect information (#12671).podman inspect
command on containers was URL-encoding special characters in strings (e.g. healthcheck commands).podman generate kube
command would generate YAML including optional environment variables from secrets and configmaps that are not included (#12553).podman pod create
command would ignore the default infra image specified in containers.conf
(#12771).host.containers.internal
entry in /etc/hosts
was set incorrectly to an inaccessible host IP for macvlan
networks (#11351).--userns=auto
) (#12779).cgroupfs
(#12802).--env
option to podman create
and podman run
(#12056).noTrunc
query parameter is now ignored as such (#11894).stream=true
query parameter (#12115).Label
and Labels
in the provided JSON configuration (#12102).containers.conf
(#12550).PODMAN_USERNS
environment variable (#11350).HostConfig.StorageOpt
field (#11016).Mounts
field (#12734).sha256:
.size
field (#12468).quiet
query parameter (#12566).aux
JSON (which included the ID of built images) in returned output (#12063).Died
events for containers to die
(previously, died
was used; this was incompatible with Docker's output).exitCode
field in Died
events for containers.TimeNano
field.Published by mheon over 2 years ago
This is the second release candidate for Podman v4.0.0. Preliminary release notes are attached:
podman network connect command now supports three new options, --ip, --ip6, and --mac-address, to specify configuration for the new network that will be attached.
--network option to podman create, podman pod create, podman run, and podman play kube can now, when specifying a network name, also specify advanced network options such as alias, ip, mac, and interface_name, allowing advanced configuration of networks when creating containers connected to more than one network.
podman play kube command can now specify the --net option multiple times, to connect created containers and pods to multiple networks.
podman create, podman pod create, and podman run commands now support a new option, --ip6, to specify a static IPv6 address for the created container or pod to use.
-o mode= option.
ipvlan, is now available.
podman info command will now print the network backend in use (Netavark or CNI).
containers.conf via the network_backend field. Please note that it is not recommended to switch backends while containers exist, and a system reboot is recommended after doing so.
--noout, that suppresses all output to STDOUT.
podman rm --force, podman pod rm --force, podman volume rm --force, podman network rm --force) now accept a --time option to specify the timeout on stopping the container before resorting to SIGKILL (identical to the --time flag to podman stop).
podman run and podman create commands now support a new option, --passwd, that uses the /etc/passwd and /etc/groups files from the image in the created container without changes by Podman (#11805).
podman run and podman create commands now support a new option, --hostuser, that creates one or more users in the container based on users from the host (e.g. with matching username, UID, and GID).
podman create and podman run commands now support two new options, --unsetenv and --unsetenv-all, to clear default environment variables set by Podman and by the container image (#11836).
podman rm command now supports a new option, --depend, which recursively removes a given container and all containers that depend on it (#10360).
podman volume ls, podman ps) now support labels specified using regular expressions (e.g. --filter label=some.prefix.com/key/*).
podman pod create command now supports the --volume option, allowing volumes to be specified that will be mounted automatically to all containers in the pod (#10379).
podman pod create command now supports the --device option, allowing devices to be specified that will be mounted automatically to all containers in the pod.
podman pod create command now supports the --volumes-from option, allowing volumes from an existing Podman container to be mounted automatically to all containers in the pod.
podman pod create command now supports the --security-opt option, allowing security settings (e.g. disabling SELinux or Seccomp) to be configured automatically for all containers in the pod (#12173).
podman pod create command now supports the --sysctl option, allowing sysctls to be configured automatically for all containers in the pod.
podman events command now supports the --no-trunc option, which will allow short container IDs to be displayed instead of the default full IDs. The flag defaults to true, so full IDs remain the default (#8941).
podman machine init command now supports a new VM type, wsl, available only on Windows; this uses WSL as a backend for podman machine, instead of creating a separate VM and managing it via QEMU (#12503).
podman machine init command now supports a new option, --now, to start the VM immediately after creating it.
podman machine init command now supports a new option, --volume, to mount contents from the host into the created virtual machine.
podman machine now automatically mount certificates from the host's keychain into the virtual machine (#11507).
podman machine now automatically propagate standard proxy environment variables from the host into the virtual machine, including copying any required certificates from SSL_FILE_CERT into the VM.
podman machine ssh command now supports a new option, --username, to specify the username to connect to the VM with.
podman machine now supports ports specified using custom host IPs (e.g. -p 127.0.0.1:8080:80), the UDP protocol, and containers created using the slirp4netns network mode (#11528 and #11728).
podman system connection rm command supports a new option, --all, to remove all available connections (#12018).
podman system service command's default timeout is now configured via containers.conf (using the service_timeout field) instead of hardcoded to 5 seconds.
--mount type=devpts option to podman create and podman run now supports new options: uid, gid, mode, and max.
--volume option to podman create and podman run now supports a new option, :idmap, which uses an ID mapping filesystem to allow multiple containers with disjoint UID and GID ranges mapped into them to access the same volume (#12154).
U option for volumes, which changes the ownership of the mounted volume to ensure the user running in the container can access it, can now be used with the --mount option to podman create and podman run, as well as the --volume option where it was already available.
:O option for volumes, which specifies that an overlay filesystem will be mounted over the volume and ensures changes do not persist, is now supported with named volumes as well as bind mounts.
--rootfs) can now create an overlay filesystem atop the user-specified rootfs which ensures changes will not persist by suffixing the user-specified root filesystem with :O.
podman save command has a new option, --uncompressed, which saves the layers of the image without compression (#11613).
passthrough, which logs all output directly to the STDOUT and STDERR of the podman command; it is intended for use in systemd-managed containers.
podman build command now supports two new options, --unsetenv and --all-platforms.
podman image prune command now supports a new option, --external, which allows containers not created by Podman (e.g. temporary containers from Buildah builds) to be pruned (#11472).
podman image prune have been added for Docker compatibility: podman builder prune and podman buildx prune.
podman play kube command now supports a new option, --no-hosts, which uses the /etc/hosts file from the image in all generated containers, preventing any modifications to the hosts file from Podman (#9500).
podman play kube command now supports a new option, --replace, which will replace any existing containers and pods with the same names as the containers and pods that will be created by the command (#11481).
podman play kube command now supports a new option, --log-opt, which allows the logging configuration of generated containers and pods to be adjusted (#11727).
podman play kube command now supports Kubernetes YAML that specifies volumes from a configmap.
podman generate systemd command now supports a new option, --template, to generate template unit files.
podman generate systemd command now supports a new option, --start-timeout, to override the default start timeout for generated unit files (#11618).
podman generate systemd command now supports a new option, --restart-sec, to override the default time before a failed unit is restarted by systemd for generated unit files.
podman generate systemd command now supports three new options, --wants, --after, and --requires, which allow detailed control of systemd dependencies in generated unit files.
podman container checkpoint and podman container restore commands can now print statistics about the checkpoint operation via a new option, --print-stats.
podman container checkpoint and podman container restore commands can now checkpoint and restore containers which make use of file locks via a new option, --file-locks.
podman container restore command can now be used with containers created using the host IPC namespace (--ipc=host).
podman container checkpoint and podman container restore commands now handle checkpointing and restoring the contents of /dev/shm.
podman container checkpoint and podman container restore commands are now supported with the remote Podman client (#12007).
podman inspect command on containers now includes additional output fields for checkpointed and restored containers, including information about when the container was checkpointed or restored, and the path to the checkpoint/restore log.
podman secret list command now supports a new option, --filter, to filter what secrets are returned.
podman image scp command can now be used to transfer images between users (both root and rootless) on the same system, without requiring sshd.
podman image sign command now supports a new option, --authfile, to specify an alternative path to authentication credentials (#10866).
podman load command now supports downloading files via HTTP and HTTPS if a URL is given (#11970).
podman push command now supports a new option, --compression-format, to choose the compression algorithm used to compress image layers.
podman volume create command now allows volumes using the local driver that require mounting to be used by non-root users. This allows tmpfs and bind volumes to be created by non-root users (#12013).
podman dial-stdio, has been added; this command should not be invoked directly, but is used by some clients of the Docker Remote API, and is provided for Docker compatibility (#11668).
compat_api_enforce_docker_hub option in containers.conf (#12320).
podman rm --depends, podman rmi --force, and podman network rm --force commands can now remove pods if they need to remove an infra container (e.g. podman rmi --force on the infra image will remove all pods and infra containers). Previously, any command that tried to remove an infra container would error.
CONTAINER_HOST environment variable is set, Podman will default to connecting to the remote Podman service specified by the environment variable, instead of running containers locally (#11196).
podman inspect on a container has had its JSON tag renamed from Healthcheck to Health for improved Docker compatibility. An alias has been added so that using the old name with the --format option will still work (#11645).
podman inspect on a container (SecondaryIPAddresses and SecondaryIPv6Addresses) have been changed from arrays of strings to arrays of structs for improved Docker compatibility (the struct now includes IP address and prefix length).
podman volume rm --force command will now remove containers that depend on the volume that are running (previously, it would only remove stopped containers).
podman search command has been altered to remove the Index, Stars, and Automated columns, as these were not used by registries that are not Dockerhub.
host.containers.internal entry in /etc/hosts for rootless containers now points to a public IP address of the host machine, to ensure the container can reach the host (the previous value, a slirp4netns address, did not actually point to the host) (#12000).
--uidmap and --gidmap (#12669).
Configured state is now named Created, and the previous Created state is now Initialized. The podman ps command already normalized these names for Docker compatibility, so this will only be visible when inspecting containers with podman inspect.
podman machine stop command will now log when machines are successfully stopped (#11542).
podman stop command will now log a warning to the console if the stop timeout expires and SIGKILL must be used to stop the container (#11854).
--no-trunc argument to the podman search command now defaults to true.
rootlessport port forwarder is now handled by a separate binary, not Podman itself, which results in significantly reduced memory usage (#10790).
podman system connection ls command now has a separate output column to show which connection is currently the default (instead of appending * to the default connection's name) (#12019).
--kernel-memory option to podman run and podman create has been deprecated in the upstream OCI runtime specification, and is now also deprecated in Podman and will be removed in a future release. Use of the flag will result in a warning.
catatonit binary used for podman run --init). This allows pods to be easily used on systems without an internet connection.
--rootless-cni option to podman unshare has been renamed to --rootless-netns. The old name has been aliased to the new one and will still function, but may be removed in a future release.
--cni-config-dir option to all Podman commands has been renamed to --network-config-dir as it will now be used with Netavark as well as CNI. The old name has been aliased to the new one and will still function, but may be removed in a future release.
--format option to all Podman commands has been changed to improve functionality and Docker compatibility (#10974).
podman ps --external flag previously required --all to also be specified; this is no longer true.
podman machine stop command now waits until the VM has stopped to return; previously, it returned immediately after the shutdown command was sent, without waiting for the VM to shut down.
podman-machine-cni CNI plugin has been integrated directly into Podman. The podman-machine-cni plugin is no longer necessary and should be removed.
host) (#11448).
podman save command was not automatically removing signatures from saved images.
podman run --rm to return an error that a given container did not exist when trying to remove it, despite it having been safely removed (#11775).
podman ps to return an error if a container was removed while the command was running (#11810).
podman play kube would result in errors (#11803).
:z and :Z options would be relabelled every time a container was started, not just the first time.
podman tag command on a manifest list could tag an image in the manifest, and not the manifest list itself.
--userns=keep-id) could not have any ports forwarded to them.
podman system connection ls command would not print any output (including headers) if no connections were present.
--memory-swappiness option to podman create and podman run did not accept 0 as a valid value.
containers.conf for Podman would sometimes not be applied (#12296).
/etc/resolv.conf was a symlink to a directory (#12461).
podman container restore could sometimes restore containers with a different OCI runtime than they had been using before they were checkpointed.
--signature-policy option to be used (with no effect); --signature-policy is not supported by the remote client (#12357).
EXPOSE could not be run (#12293).
:latest tag (#11964).
--blkio-weight-device option to podman create and podman run was nonfunctional.
podman generate systemd command did not support container entrypoints that were specified as JSON arrays (#12477).
--hostname and --pod new: options, the hostname would be discarded; it is now set as the hostname of the created pod, which will be used by the container.
podman network ls printed networks was not deterministic.
podman kill command would sometimes not print the ID of containers that were killed.
podman machine did not match their timezone to the host system (#11895).
podman build command did not properly propagate non-0 exit codes from Buildah when builds failed.
--secret option to the podman build command was nonfunctional.
podman build command would error if given a relative path to a Containerfile (#12841).
podman generate kube command would sometimes omit environment variables set in containers from generated YAML.
userns=auto in containers.conf was not respected (#12615).
podman run command would fail if the host machine did not have a /etc/hosts file (#12667).
podman inspect reporting incorrect information (#12671).
podman inspect command on containers was URL-encoding special characters in strings (e.g. healthcheck commands).
podman generate kube command would generate YAML including optional environment variables from secrets and configmaps that are not included (#12553).
podman pod create command would ignore the default infra image specified in containers.conf (#12771).
host.containers.internal entry in /etc/hosts was set incorrectly to an inaccessible host IP for macvlan networks (#11351).
--userns=auto) (#12779).
cgroupfs (#12802).
--env option to podman create and podman run (#12056).
noTrunc query parameter is now ignored as such (#11894).
stream=true query parameter (#12115).
Label and Labels in the provided JSON configuration (#12102).
containers.conf (#12550).
PODMAN_USERNS environment variable (#11350).
HostConfig.StorageOpt field (#11016).
Mounts field (#12734).
sha256:.
size field (#12468).
quiet query parameter (#12566).
aux JSON (which included the ID of built images) in returned output (#12063).
Died events for containers to die (previously, died was used; this was incompatible with Docker's output).
exitCode field in Died events for containers.
TimeNano field.
Published by mheon almost 3 years ago
This is the first release candidate for Podman v4.0.0. This is a large release with several breaking changes to the API, focusing on a complete rewrite of the Podman network stack for better support of IPv6 and Docker compatibility. Some network stack changes (e.g. the Netavark network creation tool) are not yet ready for testing, but many aspects (including the --ipv6 flag for static IPv6 addresses) are.
Full release notes are not available with this RC, but should be available in the next one.
Expected release for Podman v4.0.0 final is in early February.
Published by mheon almost 3 years ago
podman exec command would, under some circumstances, print a warning message about failing to move conmon to the appropriate cgroup (#12535).
podman run --volume avolume:/a/mountpoint or similar) would be mounted with incorrect permissions (#12523).
podman-remote create and podman-remote run commands did not properly handle the --entrypoint="" option (to clear the container's entrypoint) (#12521).
Published by mheon almost 3 years ago
podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777.
--secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287).
podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933).
podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438).
/etc/ as a symlink (#12189).
podman logs -f command would, when using the journald logs backend, exit immediately if the container had previously been restarted (#12263).
podman machine, the host.containers.internal name pointed to the VM, not the host system (#11642).
podman play kube command in VMs managed by podman machine would not automatically forward ports from the host machine (#12248).
podman machine init would fail on OS X when GNU Coreutils was installed (#12329).
podman machine start would exit before SSH on the started VM was accepting connections (#11532).
podman run command with signal proxying (--sig-proxy) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086).
podman stats command would not return correct information for containers running Systemd as PID1 (#12400).
podman image save command would fail on OS X when writing the image to STDOUT (#12402).
podman ps command did not properly handle PS arguments which contained whitespace (#12452).
podman-remote wait command could fail to detect that the container exited and return an error under some circumstances (#12457).
podman-remote would break the PATH environment variable by adding an extra " (#11416).
ConfigMap YAML as part of its payload, and will use any provided ConfigMap to configure provided pods and services.
HostConfig.Mounts field (#12419).
layers query parameter (for caching intermediate layers from the build) (#12378).