Podman: A tool for managing OCI containers and pods.
APACHE-2.0 License
Published by mheon almost 3 years ago
podman tag could not tag manifest lists (#12046).
podman network reload command on containers using the slirp4netns network mode and the rootlessport port forwarding driver would make an unnecessary attempt to restart rootlessport on containers that did not forward ports.
podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. empty SELinux and DNS configuration blocks, and the privileged flag when set to false) (#11995).
podman pod rm command could, if interrupted at the right moment, leave a reference to an already-removed infra container behind (#12034).
podman pod rm command would not remove pods with more than one container if all containers save for the infra container were stopped unless --force was specified (#11713).
--memory flag to podman run and podman create did not accept a limit of 0 (which should specify unlimited memory) (#12002).
podman build command could attempt to build a Dockerfile in the working directory of the podman system service instance instead of the Dockerfile specified by the user (#12054).
podman logs --tail command could function improperly (printing more output than requested) when the journald log driver was used.
slirp4netns network mode with IPv6 enabled would not have IPv6 connectivity until several seconds after they started (#11062).
dbus-daemon process to be created (#9727).
checkpointed field in podman inspect on a container was not set to false after a container was restored.
podman system service command would print overly-verbose logs about request IDs (#12181).
Published by mheon almost 3 years ago
podman machine init could, under some circumstances, create invalid machine configurations which could not be started (#11824).
podman machine list command would not properly populate some output fields.
podman machine rm could leave dangling sockets from the removed machine (#11393).
podman run --pids-limit=-1 was not supported (it now sets the PID limit in the container to unlimited) (#11782).
podman run and podman attach could throw errors about a closed network connection when STDIN was closed by the client (#11856).
podman stop command could fail when run on a container that had another podman stop command run on it previously.
--sync flag to podman ps was nonfunctional.
podman stats command would fail (#11909).
podman play kube command did not properly handle environment variables whose values contained an = (#11891).
podman generate kube command could generate invalid annotations when run on containers with volumes that use SELinux relabelling (:z or :Z) (#11929).
podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. user and group, entrypoint, default protocol for forwarded ports) (#11914, #11915, and #11965).
podman generate kube command could, under some circumstances, generate YAML including an invalid targetPort field for forwarded ports (#11930).
podman info command could, under some circumstances, not read available CGroup controllers (#11931).
podman container checkpoint --export would fail to checkpoint any container created with --log-driver=none (#11974).
Published by mheon about 3 years ago
podman create command's --init-ctr option.
podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created.
podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container.
podman play kube command now supports a new option, --down, which removes any pods and containers created by the given Kubernetes YAML.
podman generate kube command now generates annotations for SELinux mount options on volume (:z and :Z) that are respected by the podman play kube command.
podman pod logs, to return logs for all containers in a pod at the same time.
podman volume export (to export a volume to a tar file) and podman volume import (to populate a volume from a given tar file).
podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again.
podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option.
podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp.
podman image scp command has been added. This command allows images to be transferred between different hosts.
podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed.
podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified).
podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation.
podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited.
podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265).
podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use.
podman machine init (amount of disk space, memory, CPUs) can now be set in containers.conf.
podman machine ls command now shows additional information (CPUs, memory, disk size) about VMs managed by podman machine.
podman ps command now includes healthcheck status in container state for containers that have healthchecks (#11527).
podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so.
file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file.
ip for removing networks (#11403).
--macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release.
podman machine start command now prints a message when the VM is successfully started.
podman stats command can now be used on containers that are paused.
podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run).
healthy line to the system log to reduce log spam.
podman machine now default to only using the docker.io registry.
containers.conf) would cause them to be parsed incorrectly.
journald log driver could be skipped.
podman commit did not include ports exposed by the container.
podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171).
--workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352).
rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path.
--systemd option to podman create and podman run were case-sensitive (#11387).
podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344).
TMPDIR environment variable was not set (#11418).
/etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411).
podman machine start command could print warnings about unsupported CPU features (#11421).
podman info command could segfault when accessing cgroup information.
podman logs -f command could hang when a container exited (#11461).
podman generate systemd command could not be used on containers that specified a restart policy (#11438).
podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474).
podman build command would fail to build containers if the context directory was a symlink (#11732).
--network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified.
podman inspect command could error when the container being inspected was removed as it was being inspected (#11392).
podman play kube command ignored the default pod infra image specified in containers.conf.
--format option to podman inspect was nonfunctional under some circumstances (#8785).
podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496).
podman stats command would print nonsensical results if the container restarted while it was running (#11469).
podman run command could return 0 when the application in the container exited with 125 (#11540).
--restart=always set using the rootlessport port-forwarding service could not be restarted automatically.
--cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod.
podman container runlabel command could fail if the image name given included a tag.
127.0.0.1 entry to /etc/hosts under some circumstances (#11596).
podman untag command did not properly handle tags including a digest (#11557).
--format option to podman ps did not properly support the table argument for tabular output.
--filter option to podman ps did not properly handle filtering by healthcheck status (#11687).
podman run and podman start --attach commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g. by an external podman rm -f) (#11633).
podman generate kube command would add default environment variables to generated YAML.
podman generate kube command would add the default CMD from the image to generated YAML (#11672).
podman rm --storage command could fail to remove containers under some circumstances (#11207).
podman machine ssh command could fail when run on Linux (#11731).
podman stop command would error when used on a container that was already stopped (#11740).
podman rename command, then removing the pod using podman pod rm, could cause Podman to believe the new name of the container was permanently in use, despite the container being removed (#11750).
quiet, which (when set to true) suppresses image pull progress reports (#10612).
sha256: for improved Docker compatibility (#11623).
Mounts field (#10831).
filter, which allows returned results to be filtered.
Published by mheon about 3 years ago
This is the second release candidate for Podman v3.4.0. Preliminary release notes are below:
podman create command's --init-ctr option.
podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created.
podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container.
podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML.
podman pod logs, to return logs for all containers in a pod at the same time.
podman volume export (to export a volume to a tar file) and podman volume import (to populate a volume from a given tar file).
podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again.
podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option.
podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp.
podman image scp command has been added. This command allows images to be transferred between different hosts.
podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed.
podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified).
podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation.
podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited.
podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265).
podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use.
podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so.
XDG_RUNTIME_DIR when determining where to place temporary files, which should resolve a number of issues including #10745 and #10806.
file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file.
ip for removing networks (#11403).
--macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release.
podman machine start command now prints a message when the VM is successfully started.
podman stats command can now be used on containers that are paused.
podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run).
healthy line to the system log to reduce log spam.
podman machine now default to only using the docker.io registry.
containers.conf) would cause them to be parsed incorrectly.
journald log driver could be skipped.
podman commit did not include ports exposed by the container.
podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171).
--workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352).
rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path.
--systemd option to podman create and podman run were case-sensitive (#11387).
podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344).
TMPDIR environment variable was not set (#11418).
/etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411).
podman machine start command could print warnings about unsupported CPU features (#11421).
podman info command could segfault when accessing cgroup information.
podman logs -f command could hang when a container exited (#11461).
podman generate systemd command could not be used on containers that specified a restart policy (#11438).
podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474).
--network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified.
podman inspect command could error when the container being inspected was removed as it was being inspected (#11392).
podman play kube command ignored the default pod infra image specified in containers.conf.
--format option to podman inspect was nonfunctional under some circumstances (#8785).
podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496).
podman stats command would print nonsensical results if the container restarted while it was running (#11469).
podman run command could return 0 when the application in the container exited with 125 (#11540).
--restart=always set using the rootlessport port-forwarding service could not be restarted automatically.
--cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod.
podman container runlabel command could fail if the image name given included a tag.
127.0.0.1 entry to /etc/hosts under some circumstances (#11596).
podman untag command did not properly handle tags including a digest (#11557).
--format option to podman ps did not properly support the table argument for tabular output.
--filter option to podman ps did not properly handle filtering by healthcheck status (#11687).
podman run and podman start --attach commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g. by an external podman rm -f) (#11633).
podman generate kube command would add default environment variables to generated YAML.
quiet, which (when set to true) suppresses image pull progress reports (#10612).
sha256: for improved Docker compatibility (#11623).
Mounts field (#10831).
filter, which allows returned results to be filtered.
Published by mheon about 3 years ago
podman create command's --init-ctr option.
podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created.
podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container.
podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML.
podman pod logs, to return logs for all containers in a pod at the same time.
podman volume export (to export a volume to a tar file) and podman volume import (to populate a volume from a given tar file).
podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again.
podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option.
podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp.
podman image scp command has been added. This command allows images to be transferred between different hosts.
podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed.
podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified).
podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation.
podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited.
podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265).
podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use.
podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so.
XDG_RUNTIME_DIR when determining where to place temporary files, which should resolve a number of issues including #10745 and #10806.
file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file.
ip for removing networks (#11403).
--macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release.
podman machine start command now prints a message when the VM is successfully started.
podman stats command can now be used on containers that are paused.
podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run).
healthy line to the system log to reduce log spam.
podman machine now default to only using the docker.io registry.
containers.conf) would cause them to be parsed incorrectly.
journald log driver could be skipped.
podman commit did not include ports exposed by the container.
podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171).
--workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352).
rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path.
--systemd option to podman create and podman run were case-sensitive (#11387).
podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344).
TMPDIR environment variable was not set (#11418).
/etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411).
podman machine start command could print warnings about unsupported CPU features (#11421).
podman info command could segfault when accessing cgroup information.
podman logs -f command could hang when a container exited (#11461).
podman generate systemd command could not be used on containers that specified a restart policy (#11438).
podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474).
--network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified.
podman inspect command could error when the container being inspected was removed as it was being inspected (#11392).
podman play kube command ignored the default pod infra image specified in containers.conf.
--format option to podman inspect was nonfunctional under some circumstances (#8785).
podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496).
podman stats command would print nonsensical results if the container restarted while it was running (#11469).
podman run command could return 0 when the application in the container exited with 125 (#11540).
--restart=always set using the rootlessport port-forwarding service could not be restarted automatically.
--cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod.
quiet, which (when set to true) suppresses image pull progress reports (#10612).
Mounts field (#10831).
filter, which allows returned results to be filtered.
Published by mheon about 3 years ago
podman generate systemd could not cleanup shut down containers when stopped by systemctl stop (#11304).
podman machine commands would not properly locate the gvproxy binary in some circumstances.
--pod-id-file option would not join the pod's network namespace (#11303).
until filter to podman logs and podman events was improperly handled, requiring input to be negated (#11158).
systemd-resolved for DNS would fail to start if resolved symlinked /etc/resolv.conf to an absolute path (#11358).
Published by mheon about 3 years ago
podman machine will now automatically handle port forwarding - containers in podman machine VMs that publish ports via --publish or --publish-all will have these ports not just forwarded on the VM, but also on the host system.
podman play kube command's --network option now accepts advanced network options (e.g. --network slirp4netns:port_handler=slirp4netns) (#10807).
podman play kube command now supports Kubernetes liveness probes, which will be created as Podman healthchecks.
podman-restart.service, which, when enabled, will restart all containers that were started with --restart=always after the system reboots.
rootless_networking option in containers.conf.
image:tag@digest syntax (e.g. podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a) (#6721).
podman container checkpoint and podman container restore commands can now be used to checkpoint containers that are in pods, and restore those containers into pods.
podman container restore command now features a new option, --publish, to change the ports that are forwarded to a container that is being restored from an exported checkpoint.
podman container checkpoint command now features a new option, --compress, to specify the compression algorithm that will be used on the generated checkpoint.
podman pull command can now pull multiple images at once (e.g. podman pull fedora:34 ubi8:latest will pull both specified images).
podman cp command can now copy files from one container into another directly (e.g. podman cp containera:/etc/hosts containerb:/etc/) (#7370).
podman cp command now supports a new option, --archive, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container.
podman stats command now provides two additional metrics: Average CPU, and CPU time.
podman pod create command supports a new flag, --pid, to specify the PID namespace of the pod. If specified, containers that join the pod will automatically share its PID namespace.
podman pod create command supports a new flag, --infra-name, which allows the name of the pod's infra container to be set (#10794).
podman auto-update command has had its output reformatted - it is now much clearer what images were pulled and what containers were updated.
podman auto-update command now supports a new option, --dry-run, which reports what would be updated but does not actually perform the update (#9949).
podman build command now supports a new option, --secret, to mount secrets into build containers.
podman manifest remove command now has a new alias, podman manifest rm.
podman login command now supports a new option, --verbose, to print detailed information about where the credentials entered were stored.
podman events command now supports a new event, exec_died, which is produced when an exec session exits, and includes the exit code of the exec session.
podman system connection add command now supports adding connections that connect using the tcp:// and unix:// URL schemes.
podman system connection list command now supports a new flag, --format, to determine how the output is printed.
podman volume prune and podman volume ls commands' --filter option now support a new filter, until, that matches volumes created before a certain time (#10579).
podman ps --filter option's network filter now accepts a new value: container:, which matches containers that share a network namespace with a specific container (#10361).
podman diff command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed (#10649).
prepare_on_create option in containers.conf (#10262).
--gpus, has been added to podman create and podman run as a no-op for better compatibility with Docker. If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag.
podman system reset command now removes non-Podman (e.g. Buildah and CRI-O) containers as well.
podman machine requires gvproxy in order to function.
install.cni makefile option has been removed. It is no longer required to distribute the default 87-podman.conflist CNI configuration file, as Podman will now automatically create it.
--root option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using --storage-opt (#10393).
podman system connection list is now deterministic, with connections being sorted alphabetically by their name.
podman-auto-update.service) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once.
podman generate systemd now depend on network-online.target by default (#10655).
podman generate systemd now use Type=notify by default, instead of using PID files.
podman info command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster.
podman play kube command did not perform SELinux relabelling of volumes specified with a mountPath that included the :z or :Z options (#9371).
podman play kube command would ignore the USER and EXPOSE directives in images (#9609).
podman play kube command would only accept lowercase pull policies.
:z or :Z options were not appropriately relabelled for access from the container (#10273).
podman logs -f command, with the journald log driver, could sometimes fail to pick up the last line of output from a container (#10323).
podman rm on a container created with the --rm option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed.
LISTEN_PID and LISTEN_FDS environment variables were set, but LISTEN_FDNAMES was not (#10435).
-d and when the associated podman exec process was killed before completion.
podman system service could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up.
slirp4netns network mode would leave zombie processes that were not cleaned up until podman system service exited (#9777).
podman system service command would leave zombie processes after its initial launch that were not cleaned up until it exited (#10575).
podman machine could not be started after the host system restarted (#10824).
podman pod ps command would not show headers for optional information (e.g. container names when the --ctr-names option was given).
podman create and podman run commands would ignore timezone configuration from the server's containers.conf file (#11124).
podman build command would only respect .containerignore and not .dockerignore files (when both are present, .containerignore will be preferred) (#10907).
podman build command would fail to send the Dockerfile being built to the server when it was excluded by the .dockerignore file, resulting in an error (#9867).
podman build command could unexpectedly stop streaming the output of the build (#10154).
podman build command would fail to build when run on Windows (#11259).
podman manifest create command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest).
podman exec -i command would hang when input was provided via shell redirection (e.g. podman --remote exec -i foo cat <<<"hello") (#7360).
--rm were not immediately removed after being started by podman start if they failed to start (#10935).
--storage-opt flag to podman create and podman run was nonfunctional (#10264).
--device-cgroup-rule option to podman create and podman run was nonfunctional (#10302).
--tls-verify option to podman manifest push was nonfunctional.
podman import command could, in some circumstances, produce empty images (#10994).
docker-daemon: transport had the wrong registry (localhost instead of docker.io/library) (#10998).
podman image prune and podman system prune) would prune untagged images with children (#10832).
podman network create did not properly auto-assign an IPv4 subnet when one was not explicitly specified (#11032).
rootlessport port forwarder would break when a network was disconnected and then reconnected (#10052).
--net=host would add an entry to /etc/hosts for the container's hostname pointing to 127.0.1.1 (#10319).
podman unpause --all command would throw an error for every container that was not paused (#11098).
since and until filters using Unix timestamps with a nanoseconds portion could not be parsed (#11131).
podman info command would sometimes print the wrong path for the slirp4netns binary.
podman network connect and podman network disconnect of rootless containers could sometimes break port forwarding to the container (#11248).
NetworkMode parameter set to default (#10569).
ContainerConfig field (#10795).
Content-Type header, rejecting content that Docker would have accepted (#11022).
until query parameter (#10859).
platform, message, and repo query parameters.
platform query parameter.
Published by mheon about 3 years ago
This is the third release candidate of Podman v3.3.0.
Preliminary release notes follow:
podman machine will now automatically handle port forwarding - containers in podman machine VMs that publish ports via --publish or --publish-all will have these ports not just forwarded on the VM, but also on the host system.
podman play kube command's --network option now accepts advanced network options (e.g. --network slirp4netns:port_handler=slirp4netns) (#10807).
podman play kube command now supports Kubernetes liveness probes, which will be created as Podman healthchecks.
podman-restart.service, which, when enabled, will restart all containers that were started with --restart=always after the system reboots.
rootless_networking option in containers.conf.
image:tag@digest syntax (e.g. podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a) (#6721).
podman container checkpoint and podman container restore commands can now be used to checkpoint containers that are in pods, and restore those containers into pods.
podman container restore command now features a new option, --publish, to change the ports that are forwarded to a container that is being restored from an exported checkpoint.
podman container checkpoint command now features a new option, --compress, to specify the compression algorithm that will be used on the generated checkpoint.
podman pull command can now pull multiple images at once (e.g. podman pull fedora:34 ubi8:latest will pull both specified images).
podman cp command can now copy files from one container into another directly (e.g. podman cp containera:/etc/hosts containerb:/etc/) (#7370).
podman cp command now supports a new option, --archive, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container.
podman stats command now provides two additional metrics: Average CPU, and CPU time.
podman pod create command supports a new flag, --pid, to specify the PID namespace of the pod. If specified, containers that join the pod will automatically share its PID namespace.
podman pod create command supports a new flag, --infra-name, which allows the name of the pod's infra container to be set (#10794).
podman auto-update command has had its output reformatted - it is now much clearer what images were pulled and what containers were updated.
podman auto-update command now supports a new option, --dry-run, which reports what would be updated but does not actually perform the update (#9949).
podman build command now supports a new option, --secret, to mount secrets into build containers.
podman manifest remove command now has a new alias, podman manifest rm.
podman login command now supports a new option, --verbose, to print detailed information about where the credentials entered were stored.
podman events command now supports a new event, exec_died, which is produced when an exec session exits, and includes the exit code of the exec session.
podman system connection add command now supports adding connections that connect using the tcp:// and unix:// URL schemes.
podman system connection list command now supports a new flag, --format, to determine how the output is printed.
podman volume prune and podman volume ls commands' --filter option now support a new filter, until, that matches volumes created before a certain time (#10579).
podman ps --filter option's network filter now accepts a new value: container:, which matches containers that share a network namespace with a specific container (#10361).
podman diff command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed (#10649).
prepare_on_create option in containers.conf (#10262).
--gpus, has been added to podman create and podman run as a no-op for better compatibility with Docker. If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag.
podman system reset command now removes non-Podman (e.g. Buildah and CRI-O) containers as well.
podman machine requires gvproxy in order to function.
install.cni makefile option has been removed. It is no longer required to distribute the default 87-podman.conflist CNI configuration file, as Podman will now automatically create it.
--root option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using --storage-opt (#10393).
podman system connection list is now deterministic, with connections being sorted alphabetically by their name.
podman-auto-update.service) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once.
podman generate systemd now depend on network-online.target by default (#10655).
podman info command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster.
podman play kube command did not perform SELinux relabelling of volumes specified with a mountPath that included the :z or :Z options (#9371).
podman play kube command would ignore the USER and EXPOSE directives in images (#9609).
podman play kube command would only accept lowercase pull policies.
:z or :Z options were not appropriately relabelled for access from the container (#10273).
podman logs -f command, with the journald log driver, could sometimes fail to pick up the last line of output from a container (#10323).
podman rm on a container created with the --rm option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed.
LISTEN_PID and LISTEN_FDS environment variables were set, but LISTEN_FDNAMES was not (#10435).
-d and when the associated podman exec process was killed before completion.
podman system service could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up.
slirp4netns network mode would leave zombie processes that were not cleaned up until podman system service exited (#9777).
podman system service command would leave zombie processes after its initial launch that were not cleaned up until it exited (#10575).
podman machine could not be started after the host system restarted (#10824).
podman pod ps command would not show headers for optional information (e.g. container names when the --ctr-names option was given).
podman create and podman run commands would ignore timezone configuration from the server's containers.conf file (#11124).
podman build command would only respect .containerignore and not .dockerignore files (when both are present, .containerignore will be preferred) (#10907).
podman build command would fail to send the Dockerfile being built to the server when it was excluded by the .dockerignore file, resulting in an error (#9867).
podman build command could unexpectedly stop streaming the output of the build (#10154).
podman manifest create command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest).
podman exec -i command would hang when input was provided via shell redirection (e.g. podman --remote exec -i foo cat <<<"hello") (#7360).
--rm were not immediately removed after being started by podman start if they failed to start (#10935).
--storage-opt flag to podman create and podman run was nonfunctional (#10264).
--device-cgroup-rule option to podman create and podman run was nonfunctional (#10302).
--tls-verify option to podman manifest push was nonfunctional.
podman import command could, in some circumstances, produce empty images (#10994).
docker-daemon: transport had the wrong registry (localhost instead of docker.io/library) (#10998).
podman image prune and podman system prune) would prune untagged images with children (#10832).
podman network create did not properly auto-assign an IPv4 subnet when one was not explicitly specified (#11032).
rootlessport port forwarder would break when a network was disconnected and then reconnected (#10052).
--net=host would add an entry to /etc/hosts for the container's hostname pointing to 127.0.1.1 (#10319).
podman unpause --all command would throw an error for every container that was not paused (#11098).
since and until filters using Unix timestamps with a nanoseconds portion could not be parsed (#11131).
podman info command would sometimes print the wrong path for the slirp4netns binary.
NetworkMode parameter set to default (#10569).
ContainerConfig field (#10795).
until query parameter (#10859).
platform, message, and repo query parameters.
platform query parameter.
Published by lsm5 about 3 years ago
podman machine will now automatically handle port forwarding - containers in podman machine VMs that publish ports via --publish or --publish-all will have these ports not just forwarded on the VM, but also on the host system.
podman play kube command's --network option now accepts advanced network options (e.g. --network slirp4netns:port_handler=slirp4netns) (#10807).
podman play kube command now supports Kubernetes liveness probes, which will be created as Podman healthchecks.
podman-restart.service, which, when enabled, will restart all containers that were started with --restart=always after the system reboots.
rootless_networking option in containers.conf.
image:tag@digest syntax (e.g. podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a) (#6721).
podman container checkpoint and podman container restore commands can now be used to checkpoint containers that are in pods, and restore those containers into pods.
podman container restore command now features a new option, --publish, to change the ports that are forwarded to a container that is being restored from an exported checkpoint.
podman container checkpoint command now features a new option, --compress, to specify the compression algorithm that will be used on the generated checkpoint.
podman pull command can now pull multiple images at once (e.g. podman pull fedora:34 ubi8:latest will pull both specified images).
podman cp command can now copy files from one container into another directly (e.g. podman cp containera:/etc/hosts containerb:/etc/) (#7370).
podman cp command now supports a new option, --archive, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container.
podman stats command now provides two additional metrics: Average CPU, and CPU time.
podman pod create command supports a new flag, --pid, to specify the PID namespace of the pod. If specified, containers that join the pod will automatically share its PID namespace.
podman pod create command supports a new flag, --infra-name, which allows the name of the pod's infra container to be set (#10794).
podman auto-update command has had its output reformatted - it is now much clearer what images were pulled and what containers were updated.
podman auto-update command now supports a new option, --dry-run, which reports what would be updated but does not actually perform the update (#9949).
podman build command now supports a new option, --secret, to mount secrets into build containers.
podman manifest remove command now has a new alias, podman manifest rm.
podman login command now supports a new option, --verbose, to print detailed information about where the credentials entered were stored.
podman events command now supports a new event, exec_died, which is produced when an exec session exits, and includes the exit code of the exec session.
podman system connection add command now supports adding connections that connect using the tcp:// and unix:// URL schemes.
podman system connection list command now supports a new flag, --format, to determine how the output is printed.
podman volume prune and podman volume ls commands' --filter option now support a new filter, until, that matches volumes created before a certain time (#10579).
podman ps --filter option's network filter now accepts a new value: container:, which matches containers that share a network namespace with a specific container (#10361).
podman diff command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed (#10649).
prepare_on_create option in containers.conf (#10262).
--gpus, has been added to podman create and podman run as a no-op for better compatibility with Docker. If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag.
podman system reset command now removes non-Podman (e.g. Buildah and CRI-O) containers as well.
podman machine requires gvproxy in order to function.
install.cni makefile option has been removed. It is no longer required to distribute the default 87-podman.conflist CNI configuration file, as Podman will now automatically create it.
--root option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using --storage-opt (#10393).
podman system connection list is now deterministic, with connections being sorted alphabetically by their name.
podman-auto-update.service) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once.
podman generate systemd now depend on network-online.target by default (#10655).
podman info command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster.
podman play kube command did not perform SELinux relabelling of volumes specified with a mountPath that included the :z or :Z options (#9371).
podman play kube command would ignore the USER and EXPOSE directives in images (#9609).
podman play kube command would only accept lowercase pull policies.
:z or :Z options were not appropriately relabelled for access from the container (#10273).
podman logs -f command, with the journald log driver, could sometimes fail to pick up the last line of output from a container (#10323).
podman rm on a container created with the --rm option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed.
LISTEN_PID and LISTEN_FDS environment variables were set, but LISTEN_FDNAMES was not (#10435).
-d and when the associated podman exec process was killed before completion.
podman system service could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up.
slirp4netns network mode would leave zombie processes that were not cleaned up until podman system service exited (#9777).
podman system service command would leave zombie processes after its initial launch that were not cleaned up until it exited (#10575).
podman machine could not be started after the host system restarted (#10824).
podman pod ps command would not show headers for optional information (e.g. container names when the --ctr-names option was given).
podman create and podman run commands would ignore timezone configuration from the server's containers.conf file (#11124).
podman build command would only respect .containerignore and not .dockerignore files (when both are present, .containerignore will be preferred) (#10907).
podman build command would fail to send the Dockerfile being built to the server when it was excluded by the .dockerignore file, resulting in an error (#9867).
podman build command could unexpectedly stop streaming the output of the build (#10154).
podman manifest create command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest).
podman exec -i command would hang when input was provided via shell redirection (e.g. podman --remote exec -i foo cat <<<"hello") (#7360).
--rm were not immediately removed after being started by podman start if they failed to start (#10935).
--storage-opt flag to podman create and podman run was nonfunctional (#10264).
--device-cgroup-rule option to podman create and podman run was nonfunctional (#10302).
--tls-verify option to podman manifest push was nonfunctional.
podman import command could, in some circumstances, produce empty images (#10994).
docker-daemon: transport had the wrong registry (localhost instead of docker.io/library) (#10998).
podman image prune and podman system prune) would prune untagged images with children (#10832).
podman network create did not properly auto-assign an IPv4 subnet when one was not explicitly specified (#11032).
rootlessport port forwarder would break when a network was disconnected and then reconnected (#10052).
--net=host would add an entry to /etc/hosts for the container's hostname pointing to 127.0.1.1 (#10319).
podman unpause --all command would throw an error for every container that was not paused (#11098).
since and until filters using Unix timestamps with a nanoseconds portion could not be parsed (#11131).
podman info command would sometimes print the wrong path for the slirp4netns binary.
NetworkMode parameter set to default (#10569).
ContainerConfig field (#10795).
until query parameter (#10859).
platform, message, and repo query parameters.
platform query parameter.
Published by ashley-cui over 3 years ago
podman build command with the --isolation chroot flag that results in environment variables from the host leaking into build containers.
podman save would refuse to save images with an architecture different from that of the host (#10835).
podman import command did not correctly handle images without tags (#10854).
dnsname CNI plugin was in use and the host system's /etc/resolv.conf was a symlink (#10855 and #10929).
Published by mheon over 3 years ago
podman cp would, when given a directory as its source and a target that existed and was a file, copy the contents of the directory into the parent directory of the file; this now results in an error.
podman logs command would, when following a running container's logs, not include the last line of output from the container when it exited when the k8s-file driver was in use (#10675).
systemd-resolved was incorrectly detected as the system's DNS server (#10733).
podman exec -t command would only resize the exec session's TTY after the session started, leading to a race condition where the terminal would initially not have a size set (#10560).
slirp4netns network mode would add an incorrect entry to /etc/hosts pointing the container's hostname to the wrong IP address.
uid and gid options to podman volume create -o (#10620).
podman run command could panic when parsing the system's cgroup configuration (#10666).
podman build -f - ... command did not read a Containerfile from STDIN (#10621).
podman container restore --import command would fail to restore checkpoints created from privileged containers (#10615).
TMPDIR environment variable when pulling images (#10698).
--format option.
devices query parameter (#10614).
make podman-remote-static target to build a statically-linked podman-remote binary was instead producing dynamic binaries (#10656).
Published by mheon over 3 years ago
podman pull of the same image (instead of requiring they be removed first, then re-pulled).
/usr/share/containers/seccomp.json (#10556).
podman machine start command failed on OS X machines with the AMD64 architecture and certain QEMU versions (#10555).
podman stats command would fail on Cgroups v1 systems when run on a container running systemd (#10602).
podman container checkpoint did not function correctly.
podman build command did not properly handle the -f option (#9871).
podman run command would sometimes not resize the container's terminal before execution began (#9859).
--filter option to the podman image prune command was nonfunctional.
podman logs -f command would exit before all output for a container was printed when the k8s-file log driver was in use (#10596).
podman network connect and podman network disconnect commands acted improperly when containers were in the Created state, marking the changes as done but not actually performing them.
Published by mheon over 3 years ago
podman network connect, podman network disconnect, and podman network reload commands have been enabled for rootless Podman.
podman machine, was added to assist in managing virtual machines containing a Podman server. These are intended for easing the use of Podman on OS X by handling the creation of a Linux VM for running Podman.
podman generate kube command can now be run on Podman named volumes (generating PersistentVolumeClaim YAML), in addition to pods and containers.
podman play kube command now supports two new options, --ip and --mac, to set static IPs and MAC addresses for created pods (#8442 and #9731).
podman play kube command's support for PersistentVolumeClaim YAML has been greatly improved.
podman generate kube command now preserves the label used by podman auto-update to identify containers to update as a Kubernetes annotation, and the podman play kube command will convert this annotation back into a label. This allows podman auto-update to be used with containers created by podman play kube.
podman play kube command now supports Kubernetes secretRef YAML (using the secrets support from podman secret) for environment variables.
type=env option to the --secret flag to podman create and podman run.
podman start command now supports the --all option, allowing all containers to be started simultaneously with a single command. The --filter option has also been added to filter which containers to start when --all is used.
--filter option to podman ps and podman start now supports a new filter, restart-policy, to filter containers based on their restart policy.
--group-add option to rootless podman run and podman create now accepts a new value, keep-groups, which instructs Podman to retain the supplemental groups of the user running Podman in the created container. This is only supported with the crun OCI runtime.
podman run and podman create commands now support a new option, --timeout. This sets a maximum time the container is allowed to run, after which it is killed (#6412).
podman run and podman create commands now support a new option, --pidfile. This will create a file when the container is started containing the PID of the first process in the container.
podman run and podman create commands now support a new option, --requires. The --requires option adds dependency containers - containers that must be running before the current container. Commands like podman start will automatically start the requirements of a container before starting the container itself.
io.containers.autoupdate label set to local.
/etc/hosts, host.containers.internal, pointing to the current gateway (which, for root containers, is usually a bridge interface on the host system) (#5651).
podman ps, podman pod ps, podman network list, podman secret list, and podman volume list commands now support a --noheading option, which will cause Podman to omit the heading line including column names.
podman unshare command now supports a new flag, --rootless-cni, to join the rootless network namespace. This allows commands to be run in the same network environment as rootless containers with CNI networking.
--security-opt unmask= option to podman run and podman create now supports glob operations to unmask a group of paths at once (e.g. podman run --security-opt unmask=/proc/* ... will unmask all paths in /proc in the container).
podman network prune command now supports a --filter option to filter which networks will be pruned.
:z and :Z mount options for volumes were ignored for privileged containers has been reverted after discussion in #10209.
rootless-cni-infra container means that rootless CNI is now usable on all architectures, not just AMD64, and no longer requires pulling an image (#8709).
podman auto-update command now prunes previous versions of images after updating if they are unused, to prevent disk exhaustion after repeated updates (#10190).
podman play kube now treats environment variables configured as references to a ConfigMap as mandatory unless the optional parameter was set; this better matches the behavior of Kubernetes.
--context=default flag from Docker as a no-op for compatibility purposes.
CAP_SYS_ADMIN being available, it will run in a user namespace using the same code as rootless Podman (instead of failing outright).
podman info command now includes the path of the Seccomp profile Podman is using, available cgroup controllers, and whether Podman is connected to a remote service or running containers locally.
--rm option now automatically use the volatile storage flag when available for their root filesystems, causing them not to write changes to disk as often as they will be removed at completion anyways. This should result in improved performance.
podman generate systemd --new command will now include environment variables referenced by the container in generated unit files if the value would be looked up from the system environment.
podman build command did not support the --arch, --platform, and --os options.
podman build command ignored the --rm=false option (#9869).
podman build --iidfile command could include extra output (in addition to just the image ID) in the image ID file written (#10233).
podman build command did not preserve hardlinks when moving files into the container via COPY instructions (#9893).
podman generate systemd --new command could generate extra --iidfile arguments if the container was already created with one.
podman generate systemd --new command would generate unit files that did not include RequiresMountsFor lines (#10493).
podman generate kube command produced incorrect YAML for containers which bind-mounted both / and /root from the host system into the container (#9764).
podman play kube from YAML that specified ShareProcessNamespace would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) (#9128).
podman network reload command could generate spurious error messages when iptables-nft was in use.
podman ps command could fail with a no such container error due to a race condition with container removal (#10120).
slirp4netns network mode and setting a custom slirp4netns subnet while using the rootlesskit port forwarder would not be able to forward ports (#9828).
--filter ancestor= option to podman ps did not require an exact match of the image name/ID to include a container in its results.
--filter until= option to podman image prune would prune images created after the specified time (instead of before).
seccomp_profile option in containers.conf had no effect, and the default profile was used instead.
--cgroup-parent option to podman create and podman run was ignored in rootless Podman on cgroups v2 systems with the cgroupfs cgroup manager (#10173).
IMAGE and NAME variables in podman container runlabel were not being correctly substituted (#10192).
--restart=always) would lose networking after being restarted (#8047).
podman cp command could not copy files into containers created with the --pid=host flag (#9985).
podman events command could not be specified twice (if a filter is specified more than once, it will match if any of the given values match - logical or) (#10507).
resolv.conf in containers without IPv6 connectivity (#10158).
macvlan driver (#10283).
IPAMConfig block (#10245).
died instead of die) (#10168).
Published by mheon over 3 years ago
This is the third release candidate for Podman v3.2.0. We expect it will be the final RC.
Preliminary release notes follow:
podman network connect, podman network disconnect, and podman network reload commands have been enabled for rootless Podman.
podman machine, was added to assist in managing virtual machines containing a Podman server. These are intended for easing the use of Podman on OS X by handling the creation of a Linux VM for running Podman.
podman generate kube command can now be run on Podman named volumes (generating PersistentVolumeClaim YAML), in addition to pods and containers.
podman play kube command now supports two new options, --ip and --mac, to set static IPs and MAC addresses for created pods (#8442 and #9731).
podman play kube command's support for PersistentVolumeClaim YAML has been greatly improved.
podman generate kube command now preserves the label used by podman auto-update to identify containers to update as a Kubernetes annotation, and the podman play kube command will convert this annotation back into a label. This allows podman auto-update to be used with containers created by podman play kube.
podman play kube command now supports Kubernetes secretRef YAML (using the secrets support from podman secret) for environment variables.
type=env option to the --secret flag to podman create and podman run.
podman start command now supports the --all option, allowing all containers to be started simultaneously with a single command. The --filter option has also been added to filter which containers to start when --all is used.
--filter option to podman ps and podman start now supports a new filter, restart-policy, to filter containers based on their restart policy.
--group-add option to rootless podman run and podman create now accepts a new value, keep-groups, which instructs Podman to retain the supplemental groups of the user running Podman in the created container. This is only supported with the crun OCI runtime.
podman run and podman create commands now support a new option, --timeout. This sets a maximum time the container is allowed to run, after which it is killed (#6412).
podman run and podman create commands now support a new option, --pidfile. This will create a file when the container is started containing the PID of the first process in the container.
podman run and podman create commands now support a new option, --requires. The --requires option adds dependency containers - containers that must be running before the current container. Commands like podman start will automatically start the requirements of a container before starting the container itself.
io.containers.autoupdate label set to local.
/etc/hosts, host.containers.internal, pointing to the current gateway (which, for root containers, is usually a bridge interface on the host system) (#5651).
podman ps, podman pod ps, podman network list, podman secret list, and podman volume list commands now support a --noheading option, which will cause Podman to omit the heading line including column names.
podman unshare command now supports a new flag, --rootless-cni, to join the rootless network namespace. This allows commands to be run in the same network environment as rootless containers with CNI networking.
--security-opt unmask= option to podman run and podman create now supports glob operations to unmask a group of paths at once (e.g. podman run --security-opt unmask=/proc/* ... will unmask all paths in /proc in the container).
podman network prune command now supports a --filter option to filter which networks will be pruned.
:z and :Z mount options for volumes were ignored for privileged containers has been reverted after discussion in #10209.
rootless-cni-infra container means that rootless CNI is now usable on all architectures, not just AMD64, and no longer requires pulling an image (#8709).
podman auto-update command now prunes previous versions of images after updating if they are unused, to prevent disk exhaustion after repeated updates (#10190).
podman play kube now treats environment variables configured as references to a ConfigMap as mandatory unless the optional parameter was set; this better matches the behavior of Kubernetes.
--context=default flag from Docker as a no-op for compatibility purposes.
CAP_SYS_ADMIN being available, it will run in a user namespace using the same code as rootless Podman (instead of failing outright).
podman info command now includes the path of the Seccomp profile Podman is using, available cgroup controllers, and whether Podman is connected to a remote service or running containers locally.
--rm option now automatically use the volatile storage flag when available for their root filesystems, causing them not to write changes to disk as often as they will be removed at completion anyways. This should result in improved performance.
podman generate systemd --new command will now include environment variables referenced by the container in generated unit files if the value would be looked up from the system environment.
podman build command did not support the --arch, --platform, and --os options.
podman build command ignored the --rm=false option (#9869).
podman build --iidfile command could include extra output (in addition to just the image ID) in the image ID file written (#10233).
podman build command did not preserve hardlinks when moving files into the container via COPY instructions (#9893).
podman generate systemd --new command could generate extra --iidfile arguments if the container was already created with one.
podman generate kube
command produced incorrect YAML for containers which bind-mounted both /
and /root
from the host system into the container (#9764).podman play kube
from YAML that specified ShareProcessNamespace
would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) (#9128).podman network reload
command could generate spurious error messages when iptables-nft
was in use.podman ps
command could fail with a no such container
error due to a race condition with container removal (#10120).slirp4netns
network mode and setting a custom slirp4netns
subnet while using the rootlesskit
port forwarder would not be able to forward ports (#9828).--filter ancestor=
option to podman ps
did not require an exact match of the image name/ID to include a container in its results.--filter until=
option to podman image prune
would prune images created after the specified time (instead of before).seccomp_profile
option in containers.conf
had no effect, and the default profile was used instead.--cgroup-parent
option to podman create
and podman run
was ignored in rootless Podman on cgroups v2 systems with the cgroupfs
cgroup manager (#10173).IMAGE
and NAME
variables in podman container runlabel
were not being correctly substituted (#10192).--restart=always
) would lose networking after being restarted (#8047).podman cp
command could not copy files into containers created with the --pid=host
flag (#9985).IPAMConfig
block (#10245).died
instead of die
) (#10168).Published by mheon over 3 years ago
This is the second release candidate for Podman v3.2.0. We expect a final RC early next week, and a final release late next week if all goes well.
Preliminary release notes follow:
podman network connect, podman network disconnect, and podman network reload commands have been enabled for rootless Podman.
podman machine, was added to assist in managing virtual machines containing a Podman server. These are intended for easing the use of Podman on OS X by handling the creation of a Linux VM for running Podman.
podman generate kube command can now be run on Podman named volumes (generating PersistentVolumeClaim YAML), in addition to pods and containers.
podman play kube command now supports two new options, --ip and --mac, to set static IPs and MAC addresses for created pods (#8442 and #9731).
podman play kube command's support for PersistentVolumeClaim YAML has been greatly improved.
podman generate kube command now preserves the label used by podman auto-update to identify containers to update as a Kubernetes annotation, and the podman play kube command will convert this annotation back into a label. This allows podman auto-update to be used with containers created by podman play kube.
podman play kube command now supports Kubernetes secretRef YAML (using the secrets support from podman secret) for environment variables.
type=env option to the --secret flag to podman create and podman run.
podman start command now supports the --all option, allowing all containers to be started simultaneously with a single command. The --filter option has also been added to filter which containers to start when --all is used.
--filter option to podman ps and podman start now supports a new filter, restart-policy, to filter containers based on their restart policy.
--group-add option to rootless podman run and podman create now accepts a new value, keep-groups, which instructs Podman to retain the supplemental groups of the user running Podman in the created container. This is only supported with the crun OCI runtime.
podman run and podman create commands now support a new option, --timeout. This sets a maximum time the container is allowed to run, after which it is killed (#6412).
podman run and podman create commands now support a new option, --pidfile. This will create a file when the container is started containing the PID of the first process in the container.
podman run and podman create commands now support a new option, --requires. The --requires option adds dependency containers - containers that must be running before the current container. Commands like podman start will automatically start the requirements of a container before starting the container itself.
io.containers.autoupdate label set to local.
/etc/hosts, host.containers.internal, pointing to the current gateway (which, for root containers, is usually a bridge interface on the host system) (#5651).
podman ps, podman pod ps, podman network list, podman secret list, and podman volume list commands now support a --noheading option, which will cause Podman to omit the heading line including column names.
podman unshare command now supports a new flag, --rootless-cni, to join the rootless network namespace. This allows commands to be run in the same network environment as rootless containers with CNI networking.
--security-opt unmask= option to podman run and podman create now supports glob operations to unmask a group of paths at once (e.g. podman run --security-opt unmask=/proc/* ... will unmask all paths in /proc in the container).
podman network prune command now supports a --filter option to filter which networks will be pruned.
:z and :Z mount options for volumes were ignored for privileged containers has been reverted after discussion in #10209.
rootless-cni-infra container means that rootless CNI is now usable on all architectures, not just AMD64, and no longer requires pulling an image (#8709).
podman auto-update command now prunes previous versions of images after updating if they are unused, to prevent disk exhaustion after repeated updates (#10190).
podman play kube now treats environment variables configured as references to a ConfigMap as mandatory unless the optional parameter was set; this better matches the behavior of Kubernetes.
--context=default flag from Docker as a no-op for compatibility purposes.
CAP_SYS_ADMIN being available, it will run in a user namespace using the same code as rootless Podman (instead of failing outright).
podman info command now includes the path of the Seccomp profile Podman is using, and whether Podman is connected to a remote service or running containers locally.
--rm option now automatically use the volatile storage flag when available for their root filesystems, causing them not to write changes to disk as often as they will be removed at completion anyways. This should result in improved performance.
podman generate systemd --new command will now include environment variables referenced by the container in generated unit files if the value would be looked up from the system environment.
podman build command did not support the --arch, --platform, and --os options.
podman build command ignored the --rm=false option (#9869).
podman generate systemd --new command could generate extra --iidfile arguments if the container was already created with one.
podman generate kube command produced incorrect YAML for containers which bind-mounted both / and /root from the host system into the container (#9764).
podman play kube from YAML that specified ShareProcessNamespace would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) (#9128).
podman network reload command could generate spurious error messages when iptables-nft was in use.
podman ps command could fail with a no such container error due to a race condition with container removal (#10120).
slirp4netns network mode and setting a custom slirp4netns subnet while using the rootlesskit port forwarder would not be able to forward ports (#9828).
--filter ancestor= option to podman ps did not require an exact match of the image name/ID to include a container in its results.
--filter until= option to podman image prune would prune images created after the specified time (instead of before).
seccomp_profile option in containers.conf had no effect, and the default profile was used instead.
--cgroup-parent option to podman create and podman run was ignored in rootless Podman on cgroups v2 systems with the cgroupfs cgroup manager (#10173).
IMAGE and NAME variables in podman container runlabel were not being correctly substituted (#10192).
podman build --iidfile command could include extra output (in addition to just the image ID) in the image ID file written (#10233).
--restart=always) would lose networking after being restarted (#8047).
IPAMConfig block (#10245).
died instead of die) (#10168).
Published by mheon over 3 years ago
This is the first release candidate for the Podman v3.2.0 release. Podman 3.2.0 features improved rootless networking (including support for rootless Docker compose), a rewritten image backend, and numerous other changes.
Full release notes will be available with the release of RC2 next week.
Published by mheon over 3 years ago
podman rmi command could fail to remove corrupt images from storage.
podman save command did not support the oci-dir and docker-dir formats (#9742).
podman play kube created with a trailing / in the container path were not properly superseding named volumes from the image (#9618).
Published by mheon over 3 years ago
trace as a valid argument to the --log-level command. Trace logging is now the most verbose level of logging available.
:z and :Z options for volume mounts are now ignored when the container is privileged or is run with SELinux isolation disabled (--security-opt label=disable). This better matches Docker's behavior in this case.
podman image prune or podman system prune commands could cause Podman to panic.
podman save command did not properly error when the --compress flag was used with incompatible format types.
--security-opt and --ulimit options to the remote Podman client's podman build command were nonfunctional.
--log-rusage option to the remote Podman client's podman build command was nonfunctional (#9489).
podman build command could, in some circumstances, use the wrong OCI runtime (#9459).
podman build command could return 0 despite failing (#10029).
podman container runlabel command did not properly expand the IMAGE and NAME variables in the label (#9405).
--rm argument (#9983).
cgroupfs cgroup manager was in use.
podman stats command could error when statistics tracked exceeded the maximum size of a 32-bit signed integer (#9979).
--userns=keepid (without a --user flag in addition) would grant exec sessions run in them too many capabilities (#9919).
--authfile option to podman build did not validate that the path given existed (#9572).
--storage-opt option to Podman was appending to, instead of overriding (as is documented), the default storage options.
podman system service connection did not function properly when run in a socket-activated systemd unit file as a non-root user.
--network option to the podman play kube command of the remote Podman client was being ignored (#9698).
--log-driver option to the podman play kube command was nonfunctional (#10015).
Published by mheon over 3 years ago
podman secret create, podman secret inspect, podman secret ls and podman secret rm commands have been added to handle secrets, along with the --secret option to podman run and podman create to add secrets to containers. The initial driver for secrets does not support encryption - this will be added in a future release.
podman network prune, has been added (#8673).
-v option to podman run and podman create now supports a new volume option, :U, to chown the volume's source directory on the host to match the UID and GID of the container and prevent permissions issues (#7778).
podman network exists, podman volume exists, and podman manifest exists, have been added to check for the existence of networks, volumes, and manifest lists.
podman cp command can now copy files into directories mounted as tmpfs in a running container.
podman volume prune command will now list volumes that will be pruned when prompting the user whether to continue and perform the prune (#8913).
podman build command now supports the --disable-compression, --excludes, and --jobs options.
podman push command now supports the --format option.
podman rm command now supports the --all and --ignore options.
podman search command now supports the --no-trunc and --list-tags options.
podman play kube command can now read in Kubernetes YAML from STDIN when - is specified as file name (podman play kube -), allowing input to be piped into the command for scripting (#8996).
podman generate systemd command now supports a --no-header option, which disables creation of the header comment automatically added by Podman to generated unit files.
podman generate kube command can now generate PersistentVolumeClaim YAML for Podman named volumes (#5788).
podman generate kube command can now generate YAML files containing multiple resources (pods or deployments) (#9129).
podman build command no longer allows the -v flag to be used. Volumes are not yet supported with remote Podman when the client and service are on different machines.
podman kill and podman stop commands now print the name given by the user for each container, instead of the full ID.
--security-opt unmask=ALL or --security-opt unmask=/sys/fs/cgroup options to podman create or podman run are given, Podman will mount cgroups into the container as read-write, instead of read-only (#8441).
podman rmi command has been changed to better handle cases where an image is incomplete or corrupted, which can be caused by interrupted image pulls.
podman rename command has been improved to be more atomic, eliminating many race conditions that could potentially render a renamed container unusable.
--trace option to podman has been turned into a no-op. It was used in very early versions for performance tracing, but has not been supported for some time.
podman generate systemd command now generates RequiresMountsFor lines to ensure necessary storage directories are mounted before systemd starts Podman.
--tty and --interactive are both passed, but STDIN is not a TTY. This will be made into an error in the next major Podman release some time next year.
podman network create with the --macvlan flag did not honor the --gateway, --subnet, and --opt options (#9167).
podman generate kube command generated invalid YAML for privileged containers (#8897).
podman generate kube command could not be used with containers that were not running.
podman generate systemd command could duplicate some parameters to Podman in generated unit files (#9776).
containers.conf to containers.
no_hosts default in containers.conf when creating containers.
--tail=0, --since, and --follow options to the podman logs command did not function properly when using the journald log backend.
podman logs when the journald log backend was in use did not function correctly.
podman run and podman create commands would panic if a memory limit was set, but the swap limit was set to unlimited (#9429).
--network option to podman run, podman create, and podman pod create would error if the user attempted to specify CNI networks by ID, instead of name (#9451).
podman stats command (#9252).
podman cp did not properly handle cases where /dev/stdout was specified as the destination (it was treated identically to -) (#9362).
podman cp command would create files with incorrect ownership (#9526).
podman cp command did not properly handle cases where the destination directory did not exist.
podman cp command did not properly evaluate symlinks when copying out of containers.
podman rm -fa command would error when attempting to remove containers created with --rm (#9479).
CapDrop field of the output of podman inspect on a container (#9490).
podman network connect command could be used with containers that were not initially connected to a CNI bridge network (e.g. containers created with --net=host) (#9496).
dnsname CNI plugin were not being added to container's resolv.conf under some circumstances.
--ignorefile option to podman build was nonfunctional (#9570).
--timestamp option to podman build was nonfunctional (#9569).
--iidfile option to podman build could cause Podman to panic if an error occurred during the build.
--dns-search option to podman build was nonfunctional (#9574).
--pull-never option to podman build was nonfunctional (#9573).
--build-arg option to podman build would, when given a key but not a value, error (instead of attempting to look up the key as an environment variable) (#9571).
--isolation option to podman build in the remote Podman client was nonfunctional.
podman network disconnect command could cause errors when the container that had a network removed was stopped and its network was cleaned up (#9602).
podman network rm command did not properly check what networks a container was present in, resulting in unexpected behavior if podman network connect or podman network disconnect had been used with the network (#9632).
stopping state (#9615).
podman load command could return 0 even in cases where an error occurred (#9672).
--storage-opt option would override all storage options. Instead, storage options are now overridden only when the --storage-driver option is used to override the current graph driver (#9657).
--privileged could request more capabilities than were available to Podman.
podman commit did not use the TMPDIR environment variable to place temporary files created during the commit (#9825).
CONFIG_USER_NS.
podman volume create and then mounted into a container could be incorrect (#9608).
--tz option to podman create and podman run did not properly validate its input.
X-Registry-Auth header did not accept null as a valid value.
/auth, has been added. This endpoint validates credentials against a registry (#9564).
[]), when no networks were present (#9293).
/libpod/network/$ID/json) now has an alias at /libpod/network/$ID (#9691).
NanoCpus option (#9523).
Published by mheon over 3 years ago
This is the second release candidate for Podman v3.1.0.
Preliminary release notes are below. Please note that these are subject to change until the final release.
podman secret create, podman secret inspect, podman secret ls and podman secret rm commands have been added to handle secrets, along with the --secret option to podman run and podman create to add secrets to containers. The initial driver for secrets does not support encryption - this will be added in a future release.
podman network prune, has been added (#8673).
-v option to podman run and podman create now supports a new volume option, :U, to chown the volume's source directory on the host to match the UID and GID of the container and prevent permissions issues (#7778).
podman network exists, podman volume exists, and podman manifest exists, have been added to check for the existence of networks, volumes, and manifest lists.
podman cp command can now copy files into directories mounted as tmpfs in a running container.
podman volume prune command will now list volumes that will be pruned when prompting the user whether to continue and perform the prune (#8913).
podman build command now supports the --disable-compression, --excludes, and --jobs options.
podman push command now supports the --format option.
podman rm command now supports the --all and --ignore options.
podman search command now supports the --no-trunc and --list-tags options.
podman play kube command can now read in Kubernetes YAML from STDIN when - is specified as file name (podman play kube -), allowing input to be piped into the command for scripting (#8996).
podman generate systemd command now supports a --no-header option, which disables creation of the header comment automatically added by Podman to generated unit files.
podman build command no longer allows the -v flag to be used. Volumes are not yet supported with remote Podman when the client and service are on different machines.
podman kill and podman stop commands now print the name given by the user for each container, instead of the full ID.
--security-opt unmask=ALL or --security-opt unmask=/sys/fs/cgroup options to podman create or podman run are given, Podman will mount cgroups into the container as read-write, instead of read-only (#8441).
podman rmi command has been changed to better handle cases where an image is incomplete or corrupted, which can be caused by interrupted image pulls.
podman rename command has been improved to be more atomic, eliminating many race conditions that could potentially render a renamed container unusable.
--trace option to podman has been turned into a no-op. It was used in very early versions for performance tracing, but has not been supported for some time.
podman network create with the --macvlan flag did not honor the --gateway, --subnet, and --opt options (#9167).
podman generate kube command generated invalid YAML for privileged containers (#8897).
podman generate kube command could not be used with containers that were not running.
containers.conf to containers.
no_hosts default in containers.conf when creating containers.
--tail=0, --since, and --follow options to the podman logs command did not function properly when using the journald log backend.
podman logs when the journald log backend was in use did not function correctly.
podman run and podman create commands would panic if a memory limit was set, but the swap limit was set to unlimited (#9429).
--network option to podman run, podman create, and podman pod create would error if the user attempted to specify CNI networks by ID, instead of name (#9451).
podman stats command (#9252).
podman cp did not properly handle cases where /dev/stdout was specified as the destination (it was treated identically to -) (#9362).
podman cp command would create files with incorrect ownership (#9526).
podman cp command did not properly handle cases where the destination directory did not exist.
podman cp command did not properly evaluate symlinks when copying out of containers.
podman rm -fa command would error when attempting to remove containers created with --rm (#9479).
CapDrop field of the output of podman inspect on a container (#9490).
podman network connect command could be used with containers that were not initially connected to a CNI bridge network (e.g. containers created with --net=host) (#9496).
dnsname CNI plugin were not being added to container's resolv.conf under some circumstances.
--ignorefile option to podman build was nonfunctional (#9570).
--timestamp option to podman build was nonfunctional (#9569).
--iidfile option to podman build could cause Podman to panic if an error occurred during the build.
--dns-search option to podman build was nonfunctional (#9574).
--build-arg option to podman build would, when given a key but not a value, error (instead of attempting to look up the key as an environment variable) (#9571).
podman network disconnect command could cause errors when the container that had a network removed was stopped and its network was cleaned up (#9602).
podman network rm command did not properly check what networks a container was present in, resulting in unexpected behavior if podman network connect or podman network disconnect had been used with the network (#9632).
stopping state (#9615).
podman load command could return 0 even in cases where an error occurred (#9672).
--storage-opt option would override all storage options. Instead, storage options are now overridden only when the --storage-driver option is used to override the current graph driver (#9657).
--privileged could request more capabilities than were available to Podman.
X-Registry-Auth header did not accept null as a valid value.
/auth, has been added. This endpoint validates credentials against a registry (#9564).
[]), when no networks were present (#9293).
/libpod/network/$ID/json) now has an alias at /libpod/network/$ID (#9691).
NanoCpus option (#9523).