podman

Podman: A tool for managing OCI containers and pods.

APACHE-2.0 License

podman - v3.1.0-RC1

Published by mheon over 3 years ago

This is the first release candidate for Podman v3.1.0. Release is expected later this week.

podman - v3.0.1

Published by mheon over 3 years ago

Changes

  • Several frequently-occurring WARN level log messages have been downgraded to INFO or DEBUG to not clutter terminal output.

Bugfixes

  • Fixed a bug where the Created field of podman ps --format=json was formatted as a string instead of a Unix timestamp (integer) (#9315).
  • Fixed a bug where failing lookups of individual layers during the podman images command would cause the whole command to fail without printing output.
  • Fixed a bug where --cgroups=split did not function properly on cgroups v1 systems.
  • Fixed a bug where mounting a volume over a directory in the container that existed, but was empty, could fail (#9393).
  • Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume (#9415).
  • Fixed a bug where Podman would treat the --entrypoint=[""] option to podman run and podman create as a literal empty string in the entrypoint, when instead it should have been ignored (#9377).
  • Fixed a bug where Podman would set the HOME environment variable to "" when the container ran as a user without an assigned home directory (#9378).
  • Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause podman pod create to panic (#9374).
  • Fixed a bug where the --runtime option was not properly handled by the podman build command (#9365).
  • Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed.
  • Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed (#9387).
  • Fixed a bug where the podman generate systemd --new command would incorrectly escape %t when generating the path for the PID file (#9373).
  • Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in (#9191).
  • Fixed a bug where some options of the podman build command (including but not limited to --jobs) were nonfunctional (#9247).

API

  • Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 (#9351).
  • Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port.
  • Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred.
  • Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry (#9232).
  • The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the docker-java library.

Misc

  • Updated Buildah to v1.19.4
  • Updated the containers/storage library to v1.24.6

podman - v3.0.0

Published by mheon over 3 years ago

Features

  • Podman now features initial support for Docker Compose.
  • Added the podman rename command, which allows containers to be renamed after they are created (#1925).
  • The Podman remote client now supports the podman copy command.
  • A new command, podman network reload, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via firewall-cmd --reload).
  • Podman networks now have IDs. They can be seen in podman network ls and can be used when removing and inspecting networks. Existing networks receive IDs automatically.
  • Podman networks now also support labels. They can be added via the --label option to network create, and podman network ls can filter labels based on them.
  • The podman network create command now supports setting bridge MTU and VLAN through the --opt option (#8454).
  • The podman container checkpoint and podman container restore commands can now checkpoint and restore containers that include volumes.
  • The podman container checkpoint command now supports the --with-previous and --pre-checkpoint options, and the podman container restore command now supports the --import-previous option. These add support for two-step checkpointing with lowered dump times.
  • The podman push command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails.
  • The podman generate kube command can now be run on multiple containers at once, and will generate a single pod containing all of them.
  • The podman generate kube and podman play kube commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML (#9132).
  • The podman generate kube command now properly supports generating YAML for containers and pods created using host networking (--net=host) (#9077).
  • The podman kill command now supports a --cidfile option to kill containers given a file containing the container's ID (#8443).
  • The podman pod create command now supports the --net=none option (#9165).
  • The podman volume create command can now specify volume UID and GID as options with the UID and GID fields passed to the --opt option.
  • Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in containers.conf and use them to create volumes with podman volume create --driver.
  • The podman run and podman create commands now support a new option, --platform, to specify the platform of the image to be used when creating the container.
  • The --security-opt option to podman run and podman create now supports the systempaths=unconfined option to unrestrict access to all paths in the container, as well as mask and unmask options to allow more granular restriction of container paths.
  • The podman stats --format command now supports a new format specifier, MemUsageBytes, which prints the raw bytes of memory consumed by a container without human-readable formatting (#8945).
  • The podman ps command can now filter containers based on what pod they are joined to via the pod filter (#8512).
  • The podman pod ps command can now filter pods based on what networks they are joined to via the network filter.
  • The podman pod ps command can now print information on what networks a pod is joined to via the .Networks specifier to the --format option.
  • The podman system prune command now supports filtering what containers, pods, images, and volumes will be pruned.
  • The podman volume prune command now supports filtering what volumes will be pruned.
  • The podman system prune command now includes information on space reclaimed (#8658).
  • The podman info command will now properly print information about packages in use on Gentoo and Arch systems.
  • The containers.conf file now contains an option for disabling creation of a new kernel keyring on container creation (#8384).
  • The podman image sign command can now sign multi-arch images by producing a signature for each image in a given manifest list.
  • The podman image sign command, when run as rootless, now supports per-user registry configuration files in $HOME/.config/containers/registries.d.
  • Configuration options for slirp4netns can now be set system-wide via the NetworkCmdOptions configuration option in containers.conf.
  • The MTU of slirp4netns can now be configured via the mtu= network command option (e.g. podman run --net slirp4netns:mtu=9000).

Security

  • A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.
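
Why the source address in the CVE-2021-20199 note matters, as an added example (not Podman code and not part of the original release notes): a service in the container that treats loopback peers as authenticated accepts every forwarded client once all forwarded traffic arrives from 127.0.0.1. The function names, sample addresses and token below are constructed for illustration; the forwarder is modelled by a flag, not by Podman's actual port-forwarding code.

```python
"""Added illustration for the CVE-2021-20199 release note (not Podman code)."""
import hmac
import ipaddress

# Constructed sample connections to a published port of a rootless container:
# (real client address, token the client presented).
SAMPLE_CONNECTIONS = [
    ("203.0.113.7", None),              # remote client, no credential
    ("198.51.100.20", "s3cr3t-token"),  # remote client holding the valid token
    ("127.0.0.1", None),                # process inside the container itself
]
EXPECTED_TOKEN = "s3cr3t-token"  # constructed value


def peer_seen_by_service(client_ip, forwarder_rewrites_source):
    """Return the peer address the containerized service observes.

    forwarder_rewrites_source=True models the behaviour the release note
    describes for v1.8.0 through v2.2.1: every forwarded connection arrives
    with 127.0.0.1 as its source address.
    """
    return "127.0.0.1" if forwarder_rewrites_source else client_ip


def allow_by_loopback(peer_ip, token):
    """Weak policy: any loopback peer is treated as already authenticated."""
    return ipaddress.ip_address(peer_ip).is_loopback


def allow_by_token(peer_ip, token):
    """Hardened policy: the peer address is ignored, a valid token is required."""
    if token is None:
        return False
    return hmac.compare_digest(token.encode(), EXPECTED_TOKEN.encode())


def granted_clients(policy, forwarder_rewrites_source):
    """List the real client addresses that the given policy lets in."""
    granted = []
    for client_ip, token in SAMPLE_CONNECTIONS:
        peer = peer_seen_by_service(client_ip, forwarder_rewrites_source)
        if policy(peer, token):
            granted.append(client_ip)
    return granted


if __name__ == "__main__":
    for name, policy in (("loopback-trust", allow_by_loopback),
                         ("token", allow_by_token)):
        for rewrites in (True, False):
            label = "source rewritten" if rewrites else "source preserved"
            print(f"{name:15} {label:17} -> {granted_clients(policy, rewrites)}")
```

With the source rewritten, the loopback-trust policy admits the unauthenticated remote client; the token policy gives the same result under either forwarder behaviour.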

Changes

  • Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull.
  • The podman load command no longer accepts a NAME[:TAG] argument. The presence of this argument broke CLI compatibility with Docker by making docker load commands unusable with Podman (#7387).
  • The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more here.
  • The legacy Varlink API has been completely removed from Podman.
  • The default log level for Podman has been changed from Error to Warn.
  • The podman network create command can now create macvlan networks using the --driver macvlan option for Docker compatibility. The existing --macvlan flag has been deprecated and will be removed in Podman 4.0 some time next year.
  • The podman inspect command has had the LogPath and LogTag fields moved into the LogConfig structure (from the root of the Inspect structure). The maximum size of the log file is also included.
  • The podman generate systemd command no longer generates unit files using the deprecated KillMode=none option (#8615).
  • The podman stop command now releases the container lock while waiting for it to stop - as such, commands like podman ps will no longer block until podman stop completes (#8501).
  • Networks created with podman network create --internal no longer use the dnsname plugin. This configuration never functioned as expected.
  • Error messages for the remote Podman client have been improved when it cannot connect to a Podman service.
  • Error messages for podman run when an invalid SELinux is specified have been improved.
  • Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace.
  • Pod infra containers now respect default sysctls specified in containers.conf allowing for advanced configuration of the namespaces they will share.
  • SSH public key handling for remote Podman has been improved.

Bugfixes

  • Fixed a bug where the podman history --no-trunc command would truncate the Created By field (#9120).
  • Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the Networks field of the output of podman inspect (#6618).
  • Fixed a bug where, under some circumstances, container working directories specified by the image (via the WORKDIR instruction) but not present in the image, would not be created (#9040).
  • Fixed a bug where the podman generate systemd command would generate invalid unit files if the container was created using a command line that included doubled braces ({{ and }}), e.g. --log-opt-tag={{.Name}} (#9034).
  • Fixed a bug where the podman generate systemd --new command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. podman run -dt) (#8847).
  • Fixed a bug where the podman generate systemd --new command could generate unit files that did not handle Podman commands including some special characters (e.g. $) (#9176).
  • Fixed a bug where rootless containers joining CNI networks could not set a static IP address (#7842).
  • Fixed a bug where rootless containers joining CNI networks could not set network aliases (#8567).
  • Fixed a bug where the remote client could, under some circumstances, not include the Containerfile when sending build context to the server (#8374).
  • Fixed a bug where rootless Podman did not mount /sys as a new sysfs in some circumstances where it was acceptable.
  • Fixed a bug where rootless containers that both joined a user namespace and a CNI network would cause a segfault. These options are incompatible and now return an error.
  • Fixed a bug where the podman play kube command did not properly handle CMD and ARGS from images (#8803).
  • Fixed a bug where the podman play kube command did not properly handle environment variables from images (#8608).
  • Fixed a bug where the podman play kube command did not properly print errors that occurred when starting containers.
  • Fixed a bug where the podman play kube command errored when hostNetwork was used (#8790).
  • Fixed a bug where the podman play kube command would always pull images when the :latest tag was specified, even if the image was available locally (#7838).
  • Fixed a bug where the podman play kube command did not properly handle SELinux configuration, rendering YAML with custom SELinux configuration unusable (#8710).
  • Fixed a bug where the podman generate kube command incorrectly populated the args and command fields of generated YAML (#9211).
  • Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared /etc/hosts file every time the container restarted (#8921).
  • Fixed a bug where the podman search --list-tags command did not support the --format option (#8740).
  • Fixed a bug where the http_proxy option in containers.conf was not being respected, and instead was set unconditionally to true (#8843).
  • Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers (#8798).
  • Fixed a bug where the podman images command would break and fail to display any images if an empty manifest list was present in storage (#8931).
  • Fixed a bug where locale environment variables were not properly passed on to Conmon.
  • Fixed a bug where Podman would not build on the MIPS architecture (#8782).
  • Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a --uidmap option that included a mapping beginning with UID 0.
  • Fixed a bug where the podman logs command using the k8s-file backend did not properly handle partial log lines with a length of 1 (#8879).
  • Fixed a bug where the podman logs command with the --follow option did not properly handle log rotation (#8733).
  • Fixed a bug where user-specified HOSTNAME environment variables were overwritten by Podman (#8886).
  • Fixed a bug where Podman would apply default sysctls from containers.conf in too many situations (e.g. applying network sysctls when the container shared its network with a pod).
  • Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores (#8176).
  • Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host (#8506).
  • Fixed a bug where the --privileged option to podman run and podman create would, under some circumstances, not disable Seccomp (#8849).
  • Fixed a bug where the podman exec command did not properly add capabilities when the container or exec session were run with --privileged.
  • Fixed a bug where rootless Podman would use the --enable-sandbox option to slirp4netns unconditionally, even when pivot_root was disabled, rendering slirp4netns unusable when pivot_root was disabled (#8846).
  • Fixed a bug where podman build --logfile did not actually write the build's log to the logfile.
  • Fixed a bug where the podman system service command did not close STDIN, and could display user-interactive prompts (#8700).
  • Fixed a bug where the podman system reset command could, under some circumstances, remove all the contents of the XDG_RUNTIME_DIR directory (#8680).
  • Fixed a bug where the podman network create command created CNI configurations that did not include a default gateway (#8748).
  • Fixed a bug where the podman.service systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started (#8751).
  • Fixed a bug where, if the TMPDIR environment variable was set for the container engine in containers.conf, it was being ignored.
  • Fixed a bug where the podman events command did not properly handle future times given to the --until option (#8694).
  • Fixed a bug where the podman logs command wrote container STDERR logs to STDOUT instead of STDERR (#8683).
  • Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag (#8547).
  • Fixed a bug where container capabilities were not set properly when the --cap-add=all and --user options to podman create and podman run were combined.
  • Fixed a bug where the --layers option to podman build was nonfunctional (#8643).
  • Fixed a bug where the podman system prune command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to podman system prune (#7990).
  • Fixed a bug where the --publish option to podman run and podman create did not properly handle ports specified as a range of ports with no host port specified (#8650).
  • Fixed a bug where --format did not support JSON output for individual fields (#8444).
  • Fixed a bug where the podman stats command would fail when run on root containers using the slirp4netns network mode (#7883).
  • Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication (#8498).
  • Fixed a bug where the podman stats command would fail if the system did not support one or more of the cgroup controllers Podman supports (#8588).
  • Fixed a bug where the --mount option to podman create and podman run did not ignore the consistency mount option.
  • Fixed a bug where failures during the resizing of a container's TTY would print the wrong error.
  • Fixed a bug where the podman network disconnect command could cause the podman inspect command to fail for a container until it was restarted (#9234).
  • Fixed a bug where containers created from a read-only rootfs (using the --rootfs option to podman create and podman run) would fail (#9230).
  • Fixed a bug where specifying Go templates to the --format option to multiple Podman commands did not support the join function (#8773).
  • Fixed a bug where the podman rmi command could, when run in parallel on multiple images, return layer not known errors (#6510).
  • Fixed a bug where the podman inspect command on containers displayed unlimited ulimits incorrectly (#9303).
  • Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories (#6003).

API

  • Libpod API version has been bumped to v3.0.0.
  • All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error (#8865).
  • The Compat API for Containers now supports the Rename and Copy APIs.
  • Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses.
  • Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a "no such file" error if an invalid executable was passed) (#8281).
  • Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored (#8649).
  • Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. container:, correctly.
  • Fixed a bug where the Compat Create API for Containers did not set container name properly.
  • Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in containers.conf is now used).
  • Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker.
  • Fixed a bug where Podman did not properly clean up after calls to the Events API when the journald backend was in use, resulting in a leak of file descriptors (#8864).
  • Fixed a bug where the Libpod Pull endpoint for Images could fail with an index out of range error under certain circumstances (#8870).
  • Fixed a bug where the Libpod Exists endpoint for Images could panic.
  • Fixed a bug where the Compat List API for Containers did not support all filters (#8860).
  • Fixed a bug where the Compat List API for Containers did not properly populate the Status field.
  • Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters (#7102).
  • Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response (#8758).
  • Fixed a bug where the Compat Load API for Images did not properly clean up temporary files.
  • Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified.
  • Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope.
  • Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did.

Misc

  • Updated Buildah to v1.19.2
  • Updated the containers/storage library to v1.24.5
  • Updated the containers/image library to v5.10.2
  • Updated the containers/common library to v0.33.4

podman - v3.0.0-RC3

Published by mheon over 3 years ago

Please note that these release notes are preliminary until v3.0.0 final is released.

Features

  • Podman now features initial support for Docker Compose.
  • Added the podman rename command, which allows containers to be renamed after they are created (#1925).
  • The Podman remote client now supports the podman copy command.
  • A new command, podman network reload, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via firewall-cmd --reload).
  • Podman networks now have IDs. They can be seen in podman network ls and can be used when removing and inspecting networks. Existing networks receive IDs automatically.
  • Podman networks now also support labels. They can be added via the --label option to network create, and podman network ls can filter labels based on them.
  • The podman network create command now supports setting bridge MTU and VLAN through the --opt option (#8454).
  • The podman container checkpoint and podman container restore commands can now checkpoint and restore containers that include volumes.
  • The podman container checkpoint command now supports the --with-previous and --pre-checkpoint options, and the podman container restore command now supports the --import-previous option. These add support for two-step checkpointing with lowered dump times.
  • The podman push command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails.
  • The podman generate kube command can now be run on multiple containers at once, and will generate a single pod containing all of them.
  • The podman generate kube and podman play kube commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML (#9132).
  • The podman generate kube command now properly supports generating YAML for containers and pods created using host networking (--net=host) (#9077).
  • The podman kill command now supports a --cidfile option to kill containers given a file containing the container's ID (#8443).
  • The podman pod create command now supports the --net=none option (#9165).
  • The podman volume create command can now specify volume UID and GID as options with the UID and GID fields passed to the --opt option.
  • Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in containers.conf and use them to create volumes with podman volume create --driver.
  • The podman run and podman create commands now support a new option, --platform, to specify the platform of the image to be used when creating the container.
  • The --security-opt option to podman run and podman create now supports the systempaths=unconfined option to unrestrict access to all paths in the container, as well as mask and unmask options to allow more granular restriction of container paths.
  • The podman stats --format command now supports a new format specifier, MemUsageBytes, which prints the raw bytes of memory consumed by a container without human-readable formatting (#8945).
  • The podman ps command can now filter containers based on what pod they are joined to via the pod filter (#8512).
  • The podman pod ps command can now filter pods based on what networks they are joined to via the network filter.
  • The podman pod ps command can now print information on what networks a pod is joined to via the .Networks specifier to the --format option.
  • The podman system prune command now supports filtering what containers, pods, images, and volumes will be pruned.
  • The podman volume prune command now supports filtering what volumes will be pruned.
  • The podman system prune command now includes information on space reclaimed (#8658).
  • The podman info command will now properly print information about packages in use on Gentoo and Arch systems.
  • The containers.conf file now contains an option for disabling creation of a new kernel keyring on container creation (#8384).
  • The podman image sign command can now sign multi-arch images by producing a signature for each image in a given manifest list.
  • The podman image sign command, when run as rootless, now supports per-user registry configuration files in $HOME/.config/containers/registries.d.
  • Configuration options for slirp4netns can now be set system-wide via the NetworkCmdOptions configuration option in containers.conf.
  • The MTU of slirp4netns can now be configured via the mtu= network command option (e.g. podman run --net slirp4netns:mtu=9000).

Security

  • A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.

Changes

  • Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull.
  • The podman load command no longer accepts a NAME[:TAG] argument. The presence of this argument broke CLI compatibility with Docker by making docker load commands unusable with Podman (#7387).
  • The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more here.
  • The legacy Varlink API has been completely removed from Podman.
  • The default log level for Podman has been changed from Error to Warn.
  • The podman network create command can now create macvlan networks using the --driver macvlan option for Docker compatibility. The existing --macvlan flag has been deprecated and will be removed in Podman 4.0 some time next year.
  • The podman inspect command has had the LogPath and LogTag fields moved into the LogConfig structure (from the root of the Inspect structure). The maximum size of the log file is also included.
  • The podman generate systemd command no longer generates unit files using the deprecated KillMode=none option (#8615).
  • The podman stop command now releases the container lock while waiting for it to stop - as such, commands like podman ps will no longer block until podman stop completes (#8501).
  • Networks created with podman network create --internal no longer use the dnsname plugin. This configuration never functioned as expected.
  • Error messages for the remote Podman client have been improved when it cannot connect to a Podman service.
  • Error messages for podman run when an invalid SELinux is specified have been improved.
  • Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace.
  • Pod infra containers now respect default sysctls specified in containers.conf allowing for advanced configuration of the namespaces they will share.
  • SSH public key handling for remote Podman has been improved.

Bugfixes

  • Fixed a bug where the podman history --no-trunc command would truncate the Created By field (#9120).
  • Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the Networks field of the output of podman inspect (#6618).
  • Fixed a bug where, under some circumstances, container working directories specified by the image (via the WORKDIR instruction) but not present in the image, would not be created (#9040).
  • Fixed a bug where the podman generate systemd command would generate invalid unit files if the container was created using a command line that included doubled braces ({{ and }}), e.g. --log-opt-tag={{.Name}} (#9034).
  • Fixed a bug where the podman generate systemd --new command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. podman run -dt) (#8847).
  • Fixed a bug where the podman generate systemd --new command could generate unit files that did not handle Podman commands including some special characters (e.g. $) (#9176).
  • Fixed a bug where rootless containers joining CNI networks could not set a static IP address (#7842).
  • Fixed a bug where rootless containers joining CNI networks could not set network aliases (#8567).
  • Fixed a bug where the remote client could, under some circumstances, not include the Containerfile when sending build context to the server (#8374).
  • Fixed a bug where rootless Podman did not mount /sys as a new sysfs in some circumstances where it was acceptable.
  • Fixed a bug where rootless containers that both joined a user namespace and a CNI network would cause a segfault. These options are incompatible and now return an error.
  • Fixed a bug where the podman play kube command did not properly handle CMD and ARGS from images (#8803).
  • Fixed a bug where the podman play kube command did not properly handle environment variables from images (#8608).
  • Fixed a bug where the podman play kube command did not properly print errors that occurred when starting containers.
  • Fixed a bug where the podman play kube command errored when hostNetwork was used (#8790).
  • Fixed a bug where the podman play kube command would always pull images when the :latest tag was specified, even if the image was available locally (#7838).
  • Fixed a bug where the podman play kube command did not properly handle SELinux configuration, rendering YAML with custom SELinux configuration unusable (#8710).
  • Fixed a bug where the podman generate kube command incorrectly populated the args and command fields of generated YAML (#9211).
  • Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared /etc/hosts file every time the container restarted (#8921).
  • Fixed a bug where the podman search --list-tags command did not support the --format option (#8740).
  • Fixed a bug where the http_proxy option in containers.conf was not being respected, and instead was set unconditionally to true (#8843).
  • Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers (#8798).
  • Fixed a bug where the podman images command would break and fail to display any images if an empty manifest list was present in storage (#8931).
  • Fixed a bug where locale environment variables were not properly passed on to Conmon.
  • Fixed a bug where Podman would not build on the MIPS architecture (#8782).
  • Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a --uidmap option that included a mapping beginning with UID 0.
  • Fixed a bug where the podman logs command using the k8s-file backend did not properly handle partial log lines with a length of 1 (#8879).
  • Fixed a bug where the podman logs command with the --follow option did not properly handle log rotation (#8733).
  • Fixed a bug where user-specified HOSTNAME environment variables were overwritten by Podman (#8886).
  • Fixed a bug where Podman would apply default sysctls from containers.conf in too many situations (e.g. applying network sysctls when the container shared its network with a pod).
  • Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores (#8176).
  • Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host (#8506).
  • Fixed a bug where the --privileged option to podman run and podman create would, under some circumstances, not disable Seccomp (#8849).
  • Fixed a bug where the podman exec command did not properly add capabilities when the container or exec session were run with --privileged.
  • Fixed a bug where rootless Podman would use the --enable-sandbox option to slirp4netns unconditionally, even when pivot_root was disabled, rendering slirp4netns unusable when pivot_root was disabled (#8846).
  • Fixed a bug where podman build --logfile did not actually write the build's log to the logfile.
  • Fixed a bug where the podman system service command did not close STDIN, and could display user-interactive prompts (#8700).
  • Fixed a bug where the podman system reset command could, under some circumstances, remove all the contents of the XDG_RUNTIME_DIR directory (#8680).
  • Fixed a bug where the podman network create command created CNI configurations that did not include a default gateway (#8748).
  • Fixed a bug where the podman.service systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started (#8751).
  • Fixed a bug where, if the TMPDIR environment variable was set for the container engine in containers.conf, it was being ignored.
  • Fixed a bug where the podman events command did not properly handle future times given to the --until option (#8694).
  • Fixed a bug where the podman logs command wrote container STDERR logs to STDOUT instead of STDERR (#8683).
  • Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag (#8547).
  • Fixed a bug where container capabilities were not set properly when the --cap-add=all and --user options to podman create and podman run were combined.
  • Fixed a bug where the --layers option to podman build was nonfunctional (#8643).
  • Fixed a bug where the podman system prune command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to podman system prune (#7990).
  • Fixed a bug where the --publish option to podman run and podman create did not properly handle ports specified as a range of ports with no host port specified (#8650).
  • Fixed a bug where --format did not support JSON output for individual fields (#8444).
  • Fixed a bug where the podman stats command would fail when run on root containers using the slirp4netns network mode (#7883).
  • Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication (#8498).
  • Fixed a bug where the podman stats command would fail if the system did not support one or more of the cgroup controllers Podman supports (#8588).
  • Fixed a bug where the --mount option to podman create and podman run did not ignore the consistency mount option.
  • Fixed a bug where failures during the resizing of a container's TTY would print the wrong error.
  • Fixed a bug where the podman network disconnect command could cause the podman inspect command to fail for a container until it was restarted (#9234).
  • Fixed a bug where containers created from a read-only rootfs (using the --rootfs option to podman create and podman run) would fail (#9230).

API

  • Libpod API version has been bumped to v3.0.0.
  • All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error (#8865).
  • The Compat API for Containers now supports the Rename and Copy APIs.
  • Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses.
  • Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a "no such file" error if an invalid executable was passed) (#8281).
  • Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored (#8649).
  • Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. container:, correctly.
  • Fixed a bug where the Compat Create API for Containers did not set container name properly.
  • Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in containers.conf is now used).
  • Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker.
  • Fixed a bug where Podman did not properly clean up after calls to the Events API when the journald backend was in use, resulting in a leak of file descriptors (#8864).
  • Fixed a bug where the Libpod Pull endpoint for Images could fail with an index out of range error under certain circumstances (#8870).
  • Fixed a bug where the Libpod Exists endpoint for Images could panic.
  • Fixed a bug where the Compat List API for Containers did not support all filters (#8860).
  • Fixed a bug where the Compat List API for Containers did not properly populate the Status field.
  • Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters (#7102).
  • Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response (#8758).
  • Fixed a bug where the Compat Load API for Images did not properly clean up temporary files.
  • Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified.
  • Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope.

Misc

  • Updated Buildah to v1.19.2
  • Updated the containers/storage library to v1.24.5
  • Updated the containers/common library to v0.33.4

podman - v3.0.0-rc2

Published by mheon over 3 years ago

This is the second release candidate of Podman v3.0.

podman - v3.0.0-rc1

Published by rhatdan over 3 years ago

Features

  • Add ability to set system wide options for slirp4netns
  • Add --cidfile to container kill
  • Add commas between mount options
  • Add compose regression to ci
  • Add containerenv information to /run/.containerenv
  • Add default sysctls for pod infra containers
  • Add --filter to podman system prune
  • Adding json formatting to --list-tags option in podman search command.
  • Add mask and unmask option to --security-opt
  • Add 'MemUsageBytes' format option
  • Add more information and examples on podman and pipes
  • Add network filter for podman ps and pod ps
  • Add Networks format placeholder to podman ps and pod ps
  • Add pod filter for ps
  • Add podman network create option for bridge mtu
  • Add podman network create option for bridge vlan
  • Add pre checkpoint
  • Add Security information to podman info
  • Add support for Gentoo file to package query
  • Add support for network ids
  • Add support for pacman package version query
  • Add support for persistent volume claims in kube files
  • Add support for --platform
  • Add systempaths=unconfined option
  • Add volume filters to system prune
  • Add volume prune --filter support
  • Allow podman push to push manifest lists
  • Allow users to specify TMPDIR in containers.conf
  • Always add the default gateway to the cni config file
  • Drop default log-level from error to warn
  • Enable short-name aliasing
  • Generate kube on multiple containers
  • Generate systemd: do not set KillMode
  • Image sign using per user registries.d
  • Implement pod-network-reload
  • Include named volumes in container migration
  • Initial implementation of renaming containers
  • Initial implementation of volume plugins
  • Network connect disconnect on non-running containers
  • Not use local image create/add manifest
  • Podman network label support
  • Prepare support in kube play for other volume types than hostPath
  • Remote copy
  • Remove the ability to use [name:tag] in podman load command
  • Remove varlink support from Podman
  • Sign multi-arch images
  • Support --network=default as if it was private
  • Support Unix timestamps for podman logs --since

Changes

  • Add LogSize to container inspect
  • Allow image errors to bubble up from lower level functions.
  • Change name of imageVolumes in container config JSON
  • Cleanup CNI Networks on reboot
  • Consolidate filter logic to pkg subdirectory
  • Make podman stats slirp check more robust
  • More /var/run -> /run
  • Prefer read/write images over read/only images
  • Refactor kube.ToSpecGen parameters to struct
  • Rename AutocompletePortCommand func
  • Repeat system pruning until there is nothing removed
  • Switch references of /var/run -> /run
  • Use HTTPProxy settings from containers.conf
  • Use Libpod tmpdir for pause path
  • Use Options as CRImportCheckpoint() argument
  • Use Options as exportCheckpoint() argument
  • Use PasswordCallback instead of Password for ssh
  • Use abi PodPs implementation for libpod/pods/json endpoint
  • Validate that the bridge option is supported
  • archive: move stat-header handling into copy package
  • libpod, conmon: change log level for rootless
  • libpod: change function to accept ExecOptions
  • libpod: handle single user mapped as root
  • make podman play use ENVs from image
  • pkg/copy: introduce a Copier
  • podman events allow future time for --until
  • podman.service should be an exec service not a notify service
  • rewrite podman-cp
  • rootless: add function to retrieve gid/uid mappings
  • rootless: automatically split userns ranges
  • runtime: set XDG_* env variables if missing
  • shell completion for the network flag
  • specgen: improve heuristic for /sys bind mount
  • systemd: make rundir always accessible

Bugfixes

  • Close image rawSource when each loop ends
  • Containers should not get inheritable caps by default
  • Correct port range logic for port generation
  • Correct which network commands can be run as rootless
  • Disable CGv1 pod stats on net=host post
  • Do not error on installing duplicate shutdown handler
  • Do not ignore infra command from config files
  • Do not mount sysfs as rootless in more cases
  • Do not pull if image domain is localhost
  • Do not use "true" after "syslog" in exit commands
  • Do not validate the volume source path in specgen
  • Don't accidentally remove XDG_RUNTIME_DIR when resetting storage
  • Ensure that podman play kube actually reports errors
  • Ensure that user-specified HOSTNAME is honored
  • Ensure we do not edit container config in Exec
  • Exorcise Driver code from libpod/define
  • Expose Height/Width fields to decoder
  • Expose security attribute errors with their own messages
  • Fix Wrong image tag is used when creating a container from an image with multiple tags
  • Fix podman images... missing headers in table templates
  • Fix build for mips architecture
  • Fix build for mips architecture follow-up
  • Fix custom mac address with a custom cni network
  • Fix extra quotation mark in manpages.
  • Fix missing options in volumes display while setting uid and gid
  • Fix missing podman-container-rename man page link
  • Fix network ls --filter invalid value flake
  • Fix option names --subuidname and --subgidname
  • Fix panic in libpod images exists endpoint
  • Fix podman build --logfile
  • Fix podman logs read partial log lines
  • Fix problems reported by staticcheck
  • Fix problems with network remove
  • Fix shell completion for ps --filter ancestor
  • Fix some nit
  • Fix spelling mistakes
  • Fix storage.conf to define driver in the VM
  • Fix support for rpmbuild < 4.12.0.
  • Fix: unpause not supported for CGv1 rootless
  • Fixes /etc/hosts duplicated every time after container restarted in a pod
  • Handle --rm when starting a container
  • Handle podman exec capabilities correctly
  • Honor the --layers flag
  • Ignore containers.conf sysctls when sharing namespaces
  • Improve error message when the podman service is not enabled
  • Make podman generate systemd --new flag parsing more robust
  • Pass down EnableKeyring from containers.conf to conmon
  • Properly handle --cap-add all when running with a --user flag
  • Revert "Allow multiple --network flags for podman run/create"
  • Revert e6fbc15f26b2a609936dfc11732037c70ee14cba
  • Revert the custom cobra vendor
  • Rework pruning to report reclaimed space
  • Set NetNS mode instead of value
  • The slirp4netns sandbox requires pivot_root
  • close journald when reading
  • container create: do not clear image name
  • container stop: release lock before calling the runtime
  • exec: honor --privileged
  • fix: disable seccomp by default when privileged.
  • image list: ignore bare manifest list
  • network: disallow CNI networks with user namespaces
  • oci: keep LC_ env variables to conmon
  • oci: use /proc/self/fd/FD to open unix socket
  • pass full NetworkMode to ParseNetworkNamespace
  • play kube: fix args/command handling
  • play kube: set entrypoint when interpreting Command
  • podman build --force-rm defaults to true in code
  • podman logs honor stderr correctly
  • podman, exec: move conmon to the correct cgroup
  • podman-remote fix sending tar content
  • podman: drop checking valid rootless UID
  • re-open container log files
  • security: honor systempaths=unconfined for ro paths

API

  • Add API for communicating with Docker volume plugins
  • Change bindings to stop two API calls for ping
  • Close the stdin/tty when using podman as a restAPI.
  • Compat api containers/json add support for filters
  • Container rename bindings
  • Do not pass name argument to Load API
  • Docker compat API - /images/search returns wrong structure (#7857)
  • Docker compat API - containers create ignores the name
  • Fix some network compat api problems
  • Jira RUN-1106 Container handlers updates
  • Jira RUN-1106 Image handlers updates
  • Jira RUN-1106 Network handlers updates
  • Jira RUN-1106 System handlers updates
  • Jira RUN-1106 Volumes handlers updates
  • Makefile: add target to generate bindings
  • More docker compat API fixes
  • Podman image bindings for 3.0
  • REST API v2 - ping - fix typo in header
  • REST API v2 - ping - remove newline from response to improve Docker compatibility
  • Reduce general binding binary size
  • Restore compatible API for prune endpoints
  • compat create should use bindings
  • hack/podman-socat captures the API stream
  • libpod API: pull: fix channel race
  • misc bindings to podman v3
  • pkg/copy: add parsing API
  • podman v3 container bindings
  • podman v3 pod bindings

Misc

  • Bump github.com/containernetworking/plugins from 0.8.7 to 0.9.0
  • Bump github.com/containers/common from 0.30.0 to 0.31.1
  • Bump github.com/containers/image/v5 from 5.8.1 to 5.9.0
  • Bump github.com/containers/storage from 1.24.1 to 1.24.5
  • Bump github.com/cri-o/ocicni to latest master
  • Bump github.com/google/uuid from 1.1.2 to 1.1.5
  • Bump github.com/onsi/gomega from 1.10.3 to 1.10.4
  • Bump github.com/opencontainers/selinux from 1.6.0 to 1.8.0
  • Bump github.com/stretchr/testify from 1.6.1 to 1.7.0
  • Bump k8s.io/apimachinery from 0.19.4 to 0.20.2
  • Bump master to v3.0.0-dev
  • Bump to containers/buildah 1.9.2
  • Bump version in README to v2.2.0
  • vendor containers/[email protected]

podman - v2.2.1

Published by mheon almost 4 years ago

Changes

  • Due to a conflict with a previously-removed field, we were forced to modify the way image volumes (mounting images into containers using --mount type=image) were handled in the database. As a result, containers created in Podman 2.2.0 with image volumes will not have them in v2.2.1, and these containers will need to be re-created.

Bugfixes

  • Fixed a bug where rootless Podman would, on systems without the XDG_RUNTIME_DIR environment variable defined, use an incorrect path for the PID file of the Podman pause process, causing Podman to fail to start (#8539).
  • Fixed a bug where containers created using Podman v1.7 and earlier were unusable in Podman due to JSON decode errors (#8613).
  • Fixed a bug where Podman could retrieve invalid cgroup paths, instead of erroring, for containers that were not running.
  • Fixed a bug where the podman system reset command would print a warning about a duplicate shutdown handler being registered.
  • Fixed a bug where rootless Podman would attempt to mount sysfs in circumstances where it was not allowed; some OCI runtimes (notably crun) would fall back to alternatives and not fail, but others (notably runc) would fail to run containers.
  • Fixed a bug where the podman run and podman create commands would fail to create containers from untagged images (#8558).
  • Fixed a bug where remote Podman would prompt for a password even when the server did not support password authentication (#8498).
  • Fixed a bug where the podman exec command did not move the Conmon process for the exec session into the correct cgroup.
  • Fixed a bug where shell completion for the ancestor option to podman ps --filter did not work correctly.
  • Fixed a bug where detached containers would not properly clean themselves up (or remove themselves if --rm was set) if the Podman command that created them was invoked with --log-level=debug.

API

  • Fixed a bug where the Compat Create endpoint for Containers did not properly handle the Binds and Mounts parameters in HostConfig.
  • Fixed a bug where the Compat Create endpoint for Containers ignored the Name query parameter.
  • Fixed a bug where the Compat Create endpoint for Containers did not properly handle the "default" value for NetworkMode (this value is used extensively by docker-compose) (#8544).
  • Fixed a bug where the Compat Build endpoint for Images would sometimes incorrectly use the target query parameter as the image's tag.

Misc

  • Podman v2.2.0 vendored a non-released, custom version of the github.com/spf13/cobra package; this has been reverted to the latest upstream release to aid in packaging.
  • Updated the containers/image library to v5.9.0

podman - v2.2.0

Published by mheon almost 4 years ago

Features

  • Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable CONTAINERS_SHORT_NAME_ALIASING to on. Documentation is available here and here.
  • Initial support has been added for the podman network connect and podman network disconnect commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify --network=none when they were created.
  • The podman run command now supports the --network-alias option to set network aliases (additional names the container can be accessed at from other containers via DNS if the dnsname CNI plugin is in use). Aliases can also be added and removed using the new podman network connect and podman network disconnect commands. Please note that this requires a new release (v1.1.0) of the dnsname plugin, and will only work on newly-created CNI networks.
  • The podman generate kube command now features support for exporting containers' memory and CPU limits (#7855).
  • The podman play kube command now features support for setting CPU and Memory limits for containers (#7742).
  • The podman play kube command now supports persistent volume claims using Podman named volumes.
  • The podman play kube command now supports Kubernetes configmaps via the --configmap option (#7567).
  • The podman play kube command now supports a --log-driver option to set the log driver for created containers.
  • The podman play kube command now supports a --start option, enabled by default, to start the pod after creating it. This allows for podman play kube to be more easily used in systemd unitfiles.
  • The podman network create command now supports the --ipv6 option to enable dual-stack IPv6 networking for created networks (#7302).
  • The podman inspect command can now inspect pods, networks, and volumes, in addition to containers and images (#6757).
  • The --mount option for podman run and podman create now supports a new type, image, to mount the contents of an image into the container at a given location.
  • The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the podman-remote executable have been added.
  • The --log-opt option for podman create and podman run now supports the max-size option to set the maximum size for a container's logs (#7434).
  • The --network option to the podman pod create command now allows pods to be configured to use slirp4netns networking, even when run as root (#6097).
  • The podman pod stop, podman pod pause, podman pod unpause, and podman pod kill commands now work on multiple containers in parallel and should be significantly faster.
  • The podman search command now supports a --list-tags option to list all available tags for a single image in a single repository.
  • The podman search command can now output JSON using the --format=json option.
  • The podman diff and podman mount commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers.
  • The podman container exists command now features a --external option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers.
  • The --tls-verify and --authfile options have been enabled for use with remote Podman.
  • The /etc/hosts file now includes the container's name and hostname (both pointing to localhost) when the container is run with --net=none (#8095).
  • The podman events command now supports filtering events based on the labels of the container they occurred on using the --filter label=key=value option.
  • The podman volume ls command now supports filtering volumes based on their labels using the --filter label=key=value option.
  • The --volume and --mount options to podman run and podman create now support two new mount propagation options, unbindable and runbindable.
  • The name and id filters for podman pod ps now match based on a regular expression, instead of requiring an exact match.
  • The podman pod ps command now supports a new filter status, that matches pods in a certain state.

Changes

  • The podman network rm --force command will now also remove pods that are using the network (#7791).
  • The podman volume rm, podman network rm, and podman pod rm commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the --force option was not given.
  • If /dev/fuse is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container.
  • Global Podman options that were not supported with remote operation have been removed from podman-remote (e.g. --cgroup-manager, --storage-driver).
  • Many errors have been changed to remove repetition and be more clear as to what has gone wrong.
  • The --storage option to podman rm is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the --storage option. If the container exists in Podman it will be removed normally. The --storage option for podman rm is now deprecated and will be removed in a future release.
  • The --storage option to podman ps has been renamed to --external. An alias has been added so the old form of the option will continue to work.
  • Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage (#7941).
  • The podman save command now strips signatures from images it is exporting, as the formats we export to do not support signatures (#7659).
  • A new Degraded state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be Degraded instead of Running.
  • Podman will now print a warning when conflicting network options related to port forwarding (e.g. --publish and --net=host) are specified when creating a container.
  • The --restart on-failure and --rm options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly (#7906).
  • Remote Podman will no longer use settings from the client's containers.conf; defaults will instead be provided by the server's containers.conf (#7657).
  • The podman network rm command now has a new alias, podman network remove (#8402).

Bugfixes

  • Fixed a bug where podman load on the remote client did not error when attempting to load a directory, which is not yet supported for remote use.
  • Fixed a bug where rootless Podman could hang when the newuidmap binary was not installed (#7776).
  • Fixed a bug where the --pull option to podman run, podman create, and podman build did not match Docker's behavior.
  • Fixed a bug where sysctl settings from the containers.conf configuration file were applied, even if the container did not join the namespace associated with a sysctl.
  • Fixed a bug where Podman would not return the text of errors encountered when trying to run a healthcheck for a container.
  • Fixed a bug where Podman was accidentally setting the containers environment variable in addition to the expected container environment variable.
  • Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers (#7789).
  • Fixed a bug where the podman untag --all command was not supported with remote Podman.
  • Fixed a bug where the podman system service command could time out even if active attach connections were present (#7826).
  • Fixed a bug where the podman system service command would sometimes never time out despite no active connections being present.
  • Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's.
  • Fixed a bug where podman run would fail if the image specified was a manifest list and had already been pulled (#7798).
  • Fixed a bug where Podman did not take search registries into account when looking up images locally (#6381).
  • Fixed a bug where the podman manifest inspect command would fail for images that had already been pulled (#7726).
  • Fixed a bug where rootless Podman would not add supplemental GIDs to containers when a user, but not a group, was set via the --user option to podman create and podman run and sufficient GIDs were available to add the groups (#7782).
  • Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container (#7837).
  • Fixed a bug where podman image prune could leave images ready to be pruned after podman image prune was run (#7872).
  • Fixed a bug where the podman logs command with the journald log driver would not read all available logs (#7476).
  • Fixed a bug where the --rm and --restart options to podman create and podman run did not conflict when a restart policy that is not on-failure was chosen (#7878).
  • Fixed a bug where the --format "table {{ .Field }}" option to numerous Podman commands ceased to function on Podman v2.0 and up.
  • Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace (#7886).
  • Fixed a bug where the --namespace option to podman ps did not work with the remote client (#7903).
  • Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified.
  • Fixed a bug where the /etc/hosts file would not be correctly populated for containers in a user namespace (#7490).
  • Fixed a bug where the podman network create and podman network remove commands could race when run in parallel, with unpredictable results (#7807).
  • Fixed a bug where the -p option to podman run, podman create, and podman pod create would, when given only a single number (e.g. -p 80), assign the same port for both host and container, instead of generating a random host port (#7947).
  • Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in containers.conf or with the --cgroup-manager option (#7830).
  • Fixed a bug where the podman inspect command did not include information on the CNI networks a container was connected to if it was not running.
  • Fixed a bug where the podman attach command would not print a newline after detaching from the container (#7751).
  • Fixed a bug where the HOME environment variable was not set properly in containers when the --userns=keep-id option was set (#8004).
  • Fixed a bug where the podman container restore command could panic when the container in question was in a pod (#8026).
  • Fixed a bug where the output of the podman image trust show --raw command was not properly formatted.
  • Fixed a bug where the podman runlabel command could panic if a label to run was not given (#8038).
  • Fixed a bug where the podman run and podman start --attach commands would exit with an error when the user detached manually using the detach keys on remote Podman (#7979).
  • Fixed a bug where rootless CNI networking did not use the dnsname CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking (#8040).
  • Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system $PATH on subsequent invocations.
  • Fixed a bug where the --net=host option to podman create and podman run would cause the /etc/hosts file to be incorrectly populated (#8054).
  • Fixed a bug where the podman inspect command did not include container network information when the container shared its network namespace (i.e., joined a pod or another container's network namespace via --net=container:...) (#8073).
  • Fixed a bug where the podman ps command did not include information on all ports a container was publishing.
  • Fixed a bug where the podman build command incorrectly forwarded STDIN into build containers from RUN instructions.
  • Fixed a bug where the podman wait command's --interval option did not work when units were not specified for the duration (#8088).
  • Fixed a bug where the --detach-keys and --detach options could be passed to podman create despite having no effect (and not making sense in that context).
  • Fixed a bug where Podman could not start containers if running on a system without a /etc/resolv.conf file (which occurs on some WSL2 images) (#8089).
  • Fixed a bug where the --extract option to podman cp was nonfunctional.
  • Fixed a bug where the --cidfile option to podman run would, when the container was not run with --detach, only create the file after the container exited (#8091).
  • Fixed a bug where the podman images and podman images -a commands could panic and not list any images when certain improperly-formatted images were present in storage (#8148).
  • Fixed a bug where the podman events command could, when the journald events backend was in use, become nonfunctional when a badly-formatted event or a log message that contained a certain string was present in the journal (#8125).
  • Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 (#8139).
  • Fixed a bug where the podman attach command would not exit when containers stopped (#8154).
  • Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing / characters (#8160).
  • Fixed a bug where remote Podman did not support hashed hostnames in the known_hosts file on the host for establishing connections (#8159).
  • Fixed a bug where the podman image exists command would return non-zero (false) when multiple potential matches for the given name existed.
  • Fixed a bug where the podman manifest inspect command on images that are not manifest lists would error instead of inspecting the image (#8023).
  • Fixed a bug where the podman system service command would fail if the directory the Unix socket was to be created inside did not exist (#8184).
  • Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a /dev/shm filesystem between all containers in the pod (#8181).
  • Fixed a bug where filters passed to podman volume list were not inclusive (#6765).
  • Fixed a bug where the podman volume create command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) (#8253).
  • Fixed a bug where the podman run and podman create commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. podman run -v testvol:/test1 -v testvol:/test2) (#8221).
  • Fixed a bug where the parsing of the --net option to podman build was incorrect (#8322).
  • Fixed a bug where the podman build command would print the ID of the built image twice when using remote Podman (#8332).
  • Fixed a bug where the podman stats command did not show memory limits for containers (#8265).
  • Fixed a bug where the podman pod inspect command printed the static MAC address of the pod in a non-human-readable format (#8386).
  • Fixed a bug where the --tls-verify option of the podman play kube command had its logic inverted (false would enforce the use of TLS, true would disable it).
  • Fixed a bug where the podman network rm command would error when trying to remove macvlan networks and rootless CNI networks (#8491).
  • Fixed a bug where Podman was not setting sane defaults for missing XDG_ environment variables.
  • Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server (#8473).
  • Fixed a bug where the podman manifest create and podman manifest add commands on local images would drop any images in the manifest not pulled by the host.
  • Fixed a bug where networks made by podman network create did not include the tuning plugin, and as such did not support setting custom MAC addresses (#8385).
  • Fixed a bug where container healthchecks did not use $PATH when searching for the Podman executable to run the healthcheck.
  • Fixed a bug where the --ip-range option to podman network create did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment (#8448).
  • Fixed a bug where the podman container ps alias for podman ps was missing (#8445).

API

  • The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable.
  • A Compat endpoint for exporting multiple images at once, GET /images/get, has been added (#7950).
  • The Compat Network Connect and Network Disconnect endpoints have been added.
  • Endpoints that deal with image registries now support an X-Registry-Config header to specify registry authentication configuration.
  • The Compat Create endpoint for images now properly supports specifying images by digest.
  • The Libpod Build endpoint for images now supports an httpproxy query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for RUN instructions.
  • The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal.
  • Fixed a bug where the Ping endpoint misspelled a header name (Libpod-Buildha-Version instead of Libpod-Buildah-Version).
  • Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not.
  • Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line.
  • Fixed a bug where the Compat Logs endpoint for containers would mangle line endings by adding a carriage return before each newline character (#7942).
  • Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal (#7917).
  • Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly (#7860).
  • Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count.
  • Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with CAP_ (Docker does not do so).
  • Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries.
  • Fixed a bug where the server could panic if a client closed a connection midway through an image pull (#7896).
  • Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code (#7740).
  • Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU (#7946).
  • Fixed a bug where the "no such image" error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility.
  • Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the driver parameter if it was not provided by the client.
  • Fixed a bug where the Compat Inspect endpoint for images did not populate the RootFS field of the response.
  • Fixed a bug where the Compat Inspect endpoint for images would omit the ParentId field if the image had no parent, and the Created field if the image did not have a creation time.
  • Fixed a bug where the Compat Remove endpoint for Networks did not support the Force query parameter.

Misc

  • Updated Buildah to v1.18.0
  • Updated the containers/storage library to v1.24.1
  • Updated the containers/image library to v5.8.1
  • Updated the containers/common library to v0.27.0

podman - v2.2.0-rc2

Published by rhatdan almost 4 years ago

APIv2

  • Fix Bugs and compatibility
  • Fix list of images - mandatory Created attribute
  • Add network connect|disconnect compat endpoints

Missing Commands

  • Add alias for podman network rm -> remove
  • Add podman container ps command

Missing Options support

  • Align the podman pod ps --filter behavior with podman ps
  • Allow containers to --restart on-failure with --rm
  • Allow multiple --network flags for podman run/create

Documentation:

  • Containers.conf settings for remote connections
  • Specify what the replace flag replaces in help text
  • Clarify ps(1) fallback of podman top

Improve shell completions

Bugs

  • Fix ip-range for classless subnet masks
  • Make c.networks() list include the default network
  • Make podman service log events
  • Set PATH env in systemd timer.
  • Fix container cgroup lookup

podman - v2.2.0-RC1

Published by mheon almost 4 years ago

This is the first release candidate for Podman v2.2.0. Preliminary release notes are below:

2.2.0

Features

  • Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable CONTAINERS_SHORT_NAME_ALIASING to on. Documentation is available here.
  • The podman generate kube command now features support for exporting a container's memory and CPU limits (#7855).
  • The podman play kube command now features support for setting CPU and Memory limits for containers (#7742).
  • The podman play kube command now supports Kubernetes configmaps via the --configmap option (#7567).
  • The podman play kube command now supports a --log-driver option to set the log driver for created containers.
  • The podman play kube command now supports a --start option, enabled by default, to start the pod after creating it. This allows for podman play kube to be more easily used in systemd unitfiles.
  • The podman run command now supports the --network-alias option to set network aliases (additional names the container can be accessed at from other containers via DNS if the dnsname CNI plugin is in use). Please note that this requires a new release (v1.1.0) of the dnsname plugin, and will only work on newly-created CNI networks.
  • The podman network create command now supports the --ipv6 option to enable dual-stack IPv6 networking for created networks (#7302).
  • The podman inspect command can now inspect pods, networks, and volumes, in addition to containers and images (#6757).
  • The --mount option for podman run and podman create now supports a new type, image, to mount the contents of an image into the container at a given location.
  • The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the podman-remote executable have been added.
  • The --log-opt option for podman create and podman run now supports the max-size option to set the maximum size for a container's logs (#7434).
  • The --network option to the podman pod create command now allows pods to be configured to use slirp4netns networking, even when run as root (#6097).
  • The podman pod stop, podman pod pause, podman pod unpause, and podman pod kill commands now work on multiple containers in parallel and should be significantly faster.
  • The podman search command now supports a --list-tags option to list all available tags for a single image in a single repository.
  • The podman search command can now output JSON using the --format=json option.
  • The podman diff and podman mount commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers.
  • The podman container exists command now features a --external option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers.
  • The --tls-verify and --authfile options have been enabled for use with remote Podman.
  • The /etc/hosts file now includes the container's name and hostname (both pointing to localhost) when the container is run with --net=none (#8095).
  • The podman events command now supports filtering events based on the labels of the container they occurred on using the --filter label=key=value option.
  • The podman volume ls command now supports filtering volumes based on their labels using the --filter label=key=value option.
  • The --volume and --mount options to podman run and podman create now support two new mount propagation options, unbindable and runbindable.
  • The name filter for podman pod ps now matches based on a regular expression, instead of requiring an exact match.

Changes

  • The podman network rm --force command will now also remove pods that are using the network (#7791).
  • The podman volume rm, podman network rm, and podman pod rm commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the --force option was not given.
  • If /dev/fuse is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container.
  • Global Podman options that were not supported with remote operation have been removed from podman-remote (e.g. --cgroup-manager, --storage-driver).
  • Many errors have been changed to remove repetition and be more clear as to what has gone wrong.
  • The --storage option to podman rm is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the --storage option. If the container exists in Podman it will be removed normally. The --storage option for podman rm is now deprecated and will be removed in a future release.
  • The --storage option to podman ps has been renamed to --external. An alias has been added so the old form of the option will continue to work.
  • Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage (#7941).
  • The podman save command now strips signatures from images it is exporting, as the formats we export to do not support signatures (#7659).
  • A new Degraded state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be Degraded instead of Running.

Bugfixes

  • Fixed a bug where podman load on the remote client did not error when attempting to load a directory, which is not yet supported for remote use.
  • Fixed a bug where rootless Podman could hang when the newuidmap binary was not installed (#7776).
  • Fixed a bug where the --pull option to podman run, podman create, and podman build did not match Docker's behavior.
  • Fixed a bug where sysctl settings from the containers.conf configuration file were applied, even if the container did not join the namespace associated with a sysctl.
  • Fixed a bug where Podman would not return the text of errors encountered when trying to run a healthcheck for a container.
  • Fixed a bug where Podman was accidentally setting the containers environment variable in addition to the expected container environment variable.
  • Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers (#7789).
  • Fixed a bug where the podman untag --all command was not supported with remote Podman.
  • Fixed a bug where the podman system service command could time out even if active attach connections were present (#7826).
  • Fixed a bug where the podman system service command would sometimes never time out despite no active connections being present.
  • Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's.
  • Fixed a bug where podman run would fail if the image specified was a manifest list and had already been pulled (#7798).
  • Fixed a bug where Podman did not take search registries into account when looking up images locally (#6381).
  • Fixed a bug where the podman manifest inspect command would fail for images that had already been pulled (#7726).
  • Fixed a bug where rootless Podman would not add supplemental GIDs to containers when a user, but not a group, was set via the --user option to podman create and podman run and sufficient GIDs were available to add the groups (#7782).
  • Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container (#7837).
  • Fixed a bug where podman image prune could leave images ready to be pruned after podman image prune was run (#7872).
  • Fixed a bug where the podman logs command with the journald log driver would not read all available logs (#7476).
  • Fixed a bug where the --rm and --restart options to podman create and podman run did not conflict when a restart policy that is not on-failure was chosen (#7878).
  • Fixed a bug where the --format "table {{ .Field }}" option to numerous Podman commands ceased to function on Podman v2.0 and up.
  • Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace (#7886).
  • Fixed a bug where the --namespace option to podman ps did not work with the remote client (#7903).
  • Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified.
  • Fixed a bug where the /etc/hosts file would not be correctly populated for containers in a user namespace (#7490).
  • Fixed a bug where the podman network create and podman network remove commands could race when run in parallel, with unpredictable results (#7807).
  • Fixed a bug where the -p option to podman run, podman create, and podman pod create would, when given only a single number (e.g. -p 80), assign the same port for both host and container, instead of generating a random host port (#7947).
  • Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in containers.conf or with the --cgroup-manager option (#7830).
  • Fixed a bug where the podman inspect command did not include information on the CNI networks a container was connected to if it was not running.
  • Fixed a bug where the podman attach command would not print a newline after detaching from the container (#7751).
  • Fixed a bug where the HOME environment variable was not set properly in containers when the --userns=keep-id option was set (#8004).
  • Fixed a bug where the podman container restore command could panic when the container in question was in a pod (#8026).
  • Fixed a bug where the output of the podman image trust show --raw command was not properly formatted.
  • Fixed a bug where the podman runlabel command could panic if a label to run was not given (#8038).
  • Fixed a bug where the podman run and podman start --attach commands would exit with an error when the user detached manually using the detach keys on remote Podman (#7979).
  • Fixed a bug where rootless CNI networking did not use the dnsname CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking (#8040).
  • Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system $PATH on subsequent invocations.
  • Fixed a bug where the --net=host option to podman create and podman run would cause the /etc/hosts file to be incorrectly populated (#8054).
  • Fixed a bug where the podman inspect command did not include container network information when the container shared its network namespace (i.e., joined a pod or another container's network namespace via --net=container:...) (#8073).
  • Fixed a bug where the podman ps command did not include information on all ports a container was publishing.
  • Fixed a bug where the podman build command incorrectly forwarded STDIN into build containers from RUN instructions.
  • Fixed a bug where the podman wait command's --interval option did not work when units were not specified for the duration (#8088).
  • Fixed a bug where the --detach-keys and --detach options could be passed to podman create despite having no effect (and not making sense in that context).
  • Fixed a bug where Podman could not start containers if running on a system without a /etc/resolv.conf file (which occurs on some WSL2 images) (#8089).
  • Fixed a bug where the --extract option to podman cp was nonfunctional.
  • Fixed a bug where the --cidfile option to podman run would, when the container was not run with --detach, only create the file after the container exited (#8091).
  • Fixed a bug where the podman images and podman images -a commands could panic and not list any images when certain improperly-formatted images were present in storage (#8148).
  • Fixed a bug where the podman events command could, when the journald events backend was in use, become nonfunctional when a badly-formatted event or a log message that contained a certain string was present in the journal (#8125).
  • Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 (#8139).
  • Fixed a bug where the podman attach command would not exit when containers stopped (#8154).
  • Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing / characters (#8160).
  • Fixed a bug where remote Podman did not support hashed hostnames in the known_hosts file on the host for establishing connections (#8159).
  • Fixed a bug where the podman image exists command would return non-zero (false) when multiple potential matches for the given name existed.
  • Fixed a bug where the podman manifest inspect command on images that are not manifest lists would error instead of inspecting the image (#8023).
  • Fixed a bug where the podman system service command would fail if the directory the Unix socket was to be created inside did not exist (#8184).
  • Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a /dev/shm filesystem between all containers in the pod (#8181).
  • Fixed a bug where filters passed to podman volume list were not inclusive (#6765).
  • Fixed a bug where the podman volume create command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) (#8253).
  • Fixed a bug where the podman run and podman create commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. podman run -v testvol:/test1 -v testvol:/test2) (#8221).
  • Fixed a bug where the parsing of the --net option to podman build was incorrect (#8322).
  • Fixed a bug where the podman build command would print the ID of the built image twice when using remote Podman (#8332).
  • Fixed a bug where the podman stats command did not show memory limits for containers (#8265).
  • Fixed a bug where the podman pod inspect command printed the static MAC address of the pod in a non-human-readable format (#8386).
  • Fixed a bug where the --tls-verify option of the podman play kube command had its logic inverted (false would enforce the use of TLS, true would disable it).

API

  • The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable.
  • A Compat endpoint for exporting multiple images at once, GET /images/get, has been added (#7950).
  • The Compat Network Connect and Network Disconnect endpoints have been added.
  • Endpoints that deal with image registries now support an X-Registry-Config header to specify registry authentication configuration.
  • The Compat Create endpoint for images now properly supports specifying images by digest.
  • The Libpod Build endpoint for images now supports an httpproxy query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for RUN instructions.
  • The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal.
  • Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line.
  • Fixed a bug where the Compat Logs endpoint for containers would mangle line endings by adding a carriage return before each newline character (#7942).
  • Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal (#7917).
  • Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly (#7860).
  • Fixed a bug where the Compat Inspect endpoint for Containers did not include complete network information on the container.
  • Fixed a bug where the server could panic if a client closed a connection midway through an image pull (#7896).
  • Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code (#7740).
  • Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU (#7946).
  • Fixed a bug where the "no such image" error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility.
  • Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the driver parameter if it was not provided by the client.
  • Fixed a bug where the Compat Inspect endpoint for images did not populate the RootFS field of the response.

Misc

  • Updated Buildah to v1.18.0
  • Updated the containers/storage library to v1.24.0
  • Updated the containers/image library to v5.8.0
  • Updated the containers/common library to v0.27.0

podman - v2.1.1

Published by mheon about 4 years ago

Changes

  • The podman info command now includes the cgroup manager Podman is using.

Bugfixes

  • Fixed a bug where Podman would not build with the varlink build tag enabled.
  • Fixed a bug where the podman save command could, when asked to save multiple images, write its progress bar to the archive instead of the terminal, producing a corrupted archive.
  • Fixed a bug where the json-file log driver did not write logs.
  • Fixed a bug where podman-remote start --attach did not properly handle detaching using the detach keys.
  • Fixed a bug where podman pod ps --filter label=... did not work.
  • Fixed a bug where the podman build command did not respect the --runtime flag.

API

  • The REST API now includes a Server header in all responses.
  • Fixed a bug where the Libpod and Compat Attach endpoints could terminate early, before sending all output from the container.
  • Fixed a bug where the Compat Create endpoint for containers did not properly handle the Interactive parameter.
  • Fixed a bug where the Compat Kill endpoint for containers could continue to run after a fatal error.
  • Fixed a bug where the Limit parameter of the Compat List endpoint for Containers did not properly handle a limit of 0 (returning nothing, instead of all containers) (#7722).
  • The Libpod Stats endpoint for containers is being deprecated and will be replaced by a similar endpoint with additional features in a future release.

podman - v2.1.0

Published by mheon about 4 years ago

Features

  • A new command, podman image mount, has been added. This allows for an image to be mounted, read-only, to inspect its contents without creating a container from it (#1433).
  • The podman save and podman load commands can now create and load archives containing multiple images (#2669).
  • Rootless Podman now supports all podman network commands, and rootless containers can now be joined to networks.
  • The performance of podman build on ADD and COPY instructions has been greatly improved, especially when a .dockerignore is present.
  • The podman run and podman create commands now support a new mode for the --cgroups option, --cgroups=split. Podman will create two cgroups under the cgroup it was launched in, one for the container and one for Conmon. This mode is useful for running Podman in a systemd unit, as it ensures that all processes are retained in systemd's cgroup hierarchy (#6400).
  • The podman run and podman create commands can now specify options to slirp4netns by using the --network option as follows: --net slirp4netns:opt1,opt2. This allows for, among other things, switching the port forwarder used by slirp4netns away from rootlessport.
  • The podman ps command now features a new option, --storage, to show containers from Buildah, CRI-O and other applications.
  • The podman run and podman create commands now feature a --sdnotify option to control the behavior of systemd's sdnotify with containers, enabling improved support for Podman in Type=notify units.
  • The podman run command now features a --preserve-fds option to pass file descriptors from the host into the container (#6458).
  • The podman run and podman create commands can now create overlay volume mounts, by adding the :O option to a bind mount (e.g. -v /test:/test:O). Overlay volume mounts will mount a directory into a container from the host and allow changes to it, but not write those changes back to the directory on the host.
  • The podman play kube command now supports the Socket HostPath type (#7112).
  • The podman play kube command now supports read-only mounts.
  • The podman play kube command now supports setting labels on pods from Kubernetes metadata labels.
  • The podman play kube command now supports setting container restart policy (#7656).
  • The podman play kube command now properly handles HostAlias entries.
  • The podman generate kube command now adds entries to /etc/hosts from --host-add generated YAML as HostAlias entries.
  • The podman play kube and podman generate kube commands now properly support shareProcessNamespace to share the PID namespace in pods.
  • The podman volume ls command now supports the dangling filter to identify volumes that are dangling (not attached to any container).
  • The podman run and podman create commands now feature a --umask option to set the umask of the created container.
  • The podman create and podman run commands now feature a --tz option to set the timezone within the container (#5128).
  • Environment variables for Podman can now be added in the containers.conf configuration file.
  • The --mount option of podman run and podman create now supports a new mount type, type=devpts, to add a devpts mount to the container. This is useful for containers that want to mount /dev/ from the host into the container, but still create a terminal.
  • The --security-opt flag to podman run and podman create now supports a new option, proc-opts, to specify options for the container's /proc filesystem.
  • Podman with the crun OCI runtime now supports a new option to podman run and podman create, --cgroup-conf, which allows for advanced configuration of cgroups on cgroups v2 systems.
  • The podman create and podman run commands now support a --override-variant option, to override the architecture variant of the image that will be pulled and run.
  • A new global option has been added to Podman, --runtime-flags, which allows for setting flags to use when the OCI runtime is called.
  • The podman manifest add command now supports the --cert-dir, --auth-file, --creds, and --tls-verify options.

Security

  • This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API.

Changes

  • Podman will now retry pulling an image 3 times if a pull fails due to network errors.
  • The podman exec command would previously print error messages (e.g. exec session exited with non-zero exit code -1) when the command run exited with a non-0 exit code. It no longer does this. The podman exec command will still exit with the same exit code as the command run in the container did.
  • Error messages when creating a container or pod with a name that is already in use have been improved.
  • For read-only containers running systemd init, Podman creates a tmpfs filesystem at /run. This was previously limited to 65k in size and mounted noexec, but is now unlimited size and mounted exec.
  • The podman system reset command no longer removes configuration files for rootless Podman.

Bugfixes

  • Fixed a bug where Podman would not add an entry to /etc/hosts for a container if it joined another container's network namespace (#66782).
  • Fixed a bug where podman save --format oci-dir saved the image in an incorrect format (#6544).
  • Fixed a bug where privileged containers would still configure an AppArmor profile.
  • Fixed a bug where the --format option of podman system df was not properly interpreting format codes that included backslashes (#7149).
  • Fixed a bug where rootless Podman would ignore errors from newuidmap and newgidmap, even if /etc/subuid and /etc/subgid contained valid mappings for the user running Podman.
  • Fixed a bug where the podman commit command did not properly handle single-character image names (#7114).
  • Fixed a bug where the output of podman ps --format=json did not include a Status field (#6980).
  • Fixed a bug where input to the --log-level option was no longer case-insensitive.
  • Fixed a bug where podman images could segfault when an image pull was aborted while incomplete, leaving an image without a manifest (#7444).
  • Fixed a bug where rootless Podman would try to create the ~/.config directory when it did not exist, despite not placing any configuration files inside the directory.
  • Fixed a bug where the output of podman system df was inconsistent based on whether the -v option was specified (#7405).
  • Fixed a bug where --security-opt apparmor=unconfined would error if AppArmor was not enabled on the system (#7545).
  • Fixed a bug where running podman stop on multiple containers started with --rm could sometimes cause no such container errors (#7384).
  • Fixed a bug where podman-remote would still try to contact the server when displaying help information about subcommands.
  • Fixed a bug where the podman build --logfile command would segfault.
  • Fixed a bug where the podman generate systemd command did not properly handle containers which were created with a name given as --name=$NAME instead of --name $NAME (#7157).
  • Fixed a bug where the podman ps command was ignoring the --latest flag.
  • Fixed a bug where the podman-remote kill command would hang when a signal that did not kill the container was specified (#7135).
  • Fixed a bug where the --oom-score-adj option of podman run and podman create was nonfunctional.
  • Fixed a bug where the --display option of podman runlabel was nonfunctional.
  • Fixed a bug where the podman runlabel command would not pull images that did not exist locally on the system.
  • Fixed a bug where podman-remote run would not exit with the correct code when the container was removed by a podman-remote rm -f while podman-remote run was still running (#7117).
  • Fixed a bug where the podman-remote run --rm command would error attempting to remove containers that had already been removed (e.g. by podman-remote rm --force) (#7340).
  • Fixed a bug where podman --user with a numeric user and podman run --userns=keepid could create users in /etc/passwd in the container that belong to groups without a corresponding entry in /etc/group (#7389).
  • Fixed a bug where podman run --userns=keepid could create entries in /etc/passwd with a UID that was already in use by another user (#7503).
  • Fixed a bug where podman --user with a numeric user and podman run --userns=keepid could create users that could not be logged into (#7499).
  • Fixed a bug where trying to join another container's user namespace with --userns container:$ID would fail (#7547).
  • Fixed a bug where the podman play kube command would trim underscores from container names (#7020).
  • Fixed a bug where the podman attach command would not show output when attaching to a container with a terminal (#6523).
  • Fixed a bug where the podman system df command could be extremely slow when large quantities of images were present (#7406).
  • Fixed a bug where podman images -a would break if any image pulled by digest was present in the store (#7651).
  • Fixed a bug where the --mount option to podman run and podman create required the type= parameter to be passed first (#7628).
  • Fixed a bug where the --infra-command parameter to podman pod create was nonfunctional.
  • Fixed a bug where podman auto-update would fail for any container started with --pull=always (#7407).
  • Fixed a bug where the podman wait command would only accept a single argument.
  • Fixed a bug where the parsing of the --volumes-from option to podman run and podman create was broken, making it impossible to use multiple mount options at the same time (#7701).
  • Fixed a bug where the podman exec command would not join executed processes to the container's supplemental groups if the container was started with both the --user and --group-add options.
  • Fixed a bug where the --iidfile option to podman-remote build was nonfunctional.

API

  • The Libpod API version has been bumped to v2.0.0 due to a breaking change in the Image List API.
  • Docker-compatible Volume Endpoints (Create, Inspect, List, Remove, Prune) are now available!
  • Added an endpoint for generating systemd unit files for containers.
  • The last parameter to the Libpod container list endpoint now has an alias, limit (#6413).
  • The Libpod image list API now returns timestamps in Unix format, as integers, as opposed to as strings.
  • The Compat Inspect endpoint for containers now includes port information in NetworkSettings.
  • The Compat List endpoint for images now features limited support for the (deprecated) filter query parameter (#6797).
  • Fixed a bug where the Compat Create endpoint for containers was not correctly handling bind mounts.
  • Fixed a bug where the Compat Create endpoint for containers would not return a 404 when the requested image was not present.
  • Fixed a bug where the Compat Create endpoint for containers did not properly handle Entrypoint and Command from images.
  • Fixed a bug where name history information was not properly added in the Libpod Image List endpoint.
  • Fixed a bug where the Libpod image search endpoint improperly populated the Description field of responses.
  • Added a noTrunc option to the Libpod image search endpoint.
  • Fixed a bug where the Pod List API would return null, instead of an empty array, when no pods were present (#7392).
  • Fixed a bug where endpoints that hijacked would perform the hijack too early, before being ready to send and receive data (#7195).
  • Fixed a bug where Pod endpoints that can operate on multiple containers at once (e.g. Kill, Pause, Unpause, Stop) would not forward errors from individual containers that failed.
  • The Compat List endpoint for networks now supports filtering results (#7462).
  • Fixed a bug where the Top endpoint for pods would return both a 500 and 404 when run on a nonexistent pod.
  • Fixed a bug where Pull endpoints did not stream progress back to the client.
  • The Version endpoints (Libpod and Compat) now provide version in a format compatible with Docker.
  • All non-hijacking responses to API requests should not include headers with the version of the server.
  • Fixed a bug where Libpod and Compat Events endpoints did not send response headers until the first event occurred (#7263).
  • Fixed a bug where the Build endpoints (Compat and Libpod) did not stream progress to the client.
  • Fixed a bug where the Stats endpoints (Compat and Libpod) did not properly handle clients disconnecting.
  • Fixed a bug where the Ignore parameter to the Libpod Stop endpoint was not performing properly.
  • Fixed a bug where the Compat Logs endpoint for containers did not stream its output in the correct format (#7196).

Misc

  • Updated Buildah to v1.16.1
  • Updated the containers/storage library to v1.23.5
  • Updated the containers/image library to v5.6.0
  • Updated the containers/common library to v0.22.0

podman - v2.1.0-RC2

Published by mheon about 4 years ago

This is the second release candidate for Podman v2.1.0.

podman - v2.1.0-RC1

Published by mheon about 4 years ago

This is the first release candidate of Podman v2.1.0. Preliminary release notes are attached below:

Features

  • A new command, podman image mount, has been added. This allows for an image to be mounted, read-only, to inspect its contents without creating a container from it (#1433).
  • The podman save and podman load commands can now create and load archives containing multiple images (#2669).
  • Rootless Podman now supports all podman network commands, and rootless containers can now be joined to networks.
  • The performance of podman build on ADD and COPY instructions has been greatly improved, especially when a .dockerignore is present.
  • The podman run and podman create commands now support a new mode for the --cgroups option, --cgroups=split. Podman will create two cgroups under the cgroup it was launched in, one for the container and one for Conmon. This mode is useful for running Podman in a systemd unit, as it ensures that all processes are retained in systemd's cgroup hierarchy (#6400).
  • The podman run and podman create commands can now specify options to slirp4netns by using the --network option as follows: --net slirp4netns:opt1,opt2. This allows for, among other things, switching the port forwarder used by slirp4netns away from rootlessport.
  • The podman ps command now features a new option, --storage, to show containers from Buildah, CRI-O and other applications.
  • The podman run and podman create commands now feature a --sdnotify option to control the behavior of systemd's sdnotify with containers, enabling improved support for Podman in Type=notify units.
  • The podman run command now features a --preserve-fds option to pass file descriptors from the host into the container (#6458).
  • The podman run and podman create commands can now create overlay volume mounts, by adding the :O option to a bind mount (e.g. -v /test:/test:O). Overlay volume mounts will mount a directory into a container from the host and allow changes to it, but not write those changes back to the directory on the host.
  • The podman play kube command now supports the Socket HostPath type (#7112).
  • The podman play kube command now supports read-only mounts.
  • The podman play kube command now properly handles HostAlias entries.
  • The podman generate kube command now adds entries to /etc/hosts from --host-add generated YAML as HostAlias entries.
  • The podman play kube and podman generate kube commands now properly support shareProcessNamespace to share the PID namespace in pods.
  • The podman volume ls command now supports the dangling filter to identify volumes that are dangling (not attached to any container).
  • The podman run and podman create commands now feature a --umask option to set the umask of the created container.
  • The podman create and podman run commands now feature a --tz option to set the timezone within the container (#5128).
  • Environment variables for Podman can now be added in the containers.conf configuration file.
  • The --mount option of podman run and podman create now supports a new mount type, type=devpts, to add a devpts mount to the container. This is useful for containers that want to mount /dev/ from the host into the container, but still create a terminal.
  • The --security-opt flag to podman run and podman create now supports a new option, proc-opts, to specify options for the container's /proc filesystem.
  • Podman with the crun OCI runtime now supports a new option to podman run and podman create, --cgroup-conf, which allows for advanced configuration of cgroups on cgroups v2 systems.
  • The podman create and podman run commands now support a --override-variant option, to override the architecture variant of the image that will be pulled and run.
  • A new global option has been added to Podman, --runtime-flags, which allows for setting flags to use when the OCI runtime is called.
  • The podman manifest add command now supports the --cert-dir, --auth-file, --creds, and --tls-verify options.

Changes

  • Podman will now retry pulling an image 3 times if a pull fails due to network errors.
  • The podman exec command would previously print error messages (e.g. exec session exited with non-zero exit code -1) when the command run exited with a non-0 exit code. It no longer does this. The podman exec command will still exit with the same exit code as the command run in the container did.
  • Error messages when creating a container or pod with a name that is already in use have been improved.
  • For read-only containers running systemd init, Podman creates a tmpfs filesystem at /run. This was previously limited to 65k in size and mounted noexec, but is now unlimited size and mounted exec.
  • The podman system reset command no longer removes configuration files for rootless Podman.

Bugfixes

  • Fixed a bug where Podman would not add an entry to /etc/hosts for a container if it joined another container's network namespace (#66782).
  • Fixed a bug where podman save --format oci-dir saved the image in an incorrect format (#6544).
  • Fixed a bug where privileged containers would still configure an AppArmor profile.
  • Fixed a bug where the --format option of podman system df was not properly interpreting format codes that included backslashes (#7149).
  • Fixed a bug where rootless Podman would ignore errors from newuidmap and newgidmap, even if /etc/subuid and /etc/subgid contained valid mappings for the user running Podman.
  • Fixed a bug where the podman commit command did not properly handle single-character image names (#7114).
  • Fixed a bug where the output of podman ps --format=json did not include a Status field (#6980).
  • Fixed a bug where input to the --log-level option was no longer case-insensitive.
  • Fixed a bug where podman images could segfault when an image pull was aborted while incomplete, leaving an image without a manifest (#7444).
  • Fixed a bug where rootless Podman would try to create the ~/.config directory when it did not exist, despite not placing any configuration files inside the directory.
  • Fixed a bug where the output of podman system df was inconsistent based on whether the -v option was specified (#7405).
  • Fixed a bug where --security-opt apparmor=unconfined would error if AppArmor was not enabled on the system (#7545).
  • Fixed a bug where running podman stop on multiple containers started with --rm could sometimes cause no such container errors (#7384).
  • Fixed a bug where podman-remote would still try to contact the server when displaying help information about subcommands.
  • Fixed a bug where the podman build --logfile command would segfault.
  • Fixed a bug where the podman generate systemd command did not properly handle containers which were created with a name given as --name=$NAME instead of --name $NAME (#7157).
  • Fixed a bug where the podman ps command was ignoring the --latest flag.
  • Fixed a bug where the podman-remote kill command would hang when a signal that did not kill the container was specified (#7135).
  • Fixed a bug where the --oom-score-adj option of podman run and podman create was nonfunctional.
  • Fixed a bug where the --display option of podman runlabel was nonfunctional.
  • Fixed a bug where the podman runlabel command would not pull images that did not exist locally on the system.
  • Fixed a bug where podman-remote run would not exit with the correct code when the container was removed by a podman-remote rm -f while podman-remote run was still running (#7117).
  • Fixed a bug where the podman-remote run --rm command would error attempting to remove containers that had already been removed (e.g. by podman-remote rm --force) (#7340).
  • Fixed a bug where podman --user with a numeric user and podman run --userns=keepid could create users in /etc/passwd in the container that belong to groups without a corresponding entry in /etc/group (#7389).
  • Fixed a bug where podman run --userns=keepid could create entries in /etc/passwd with a UID that was already in use by another user (#7503).
  • Fixed a bug where podman --user with a numeric user and podman run --userns=keepid could create users that could not be logged into (#7499).
  • Fixed a bug where trying to join another container's user namespace with --userns container:$ID would fail (#7547).
  • Fixed a bug where the podman play kube command would trim underscores from container names (#7020).
  • Fixed a bug where the podman attach command would not show output when attaching to a container with a terminal (#6523).
  • Fixed a bug where the podman system df command could be extremely slow when large quantities of images were present (#7406).

API

  • Docker-compatible Volume Endpoints (Create, Inspect, List, Remove, Prune) are now available!
  • Added an endpoint for generating systemd unit files for containers.
  • The last parameter to the Libpod container list endpoint now has an alias, limit (#6413).
  • The Libpod image list API now returns timestamps in Unix format, as integers, as opposed to as strings.
  • The Compat Inspect endpoint for containers now includes port information in NetworkSettings.
  • The Compat List endpoint for images now features limited support for the (deprecated) filter query parameter (#6797).
  • Fixed a bug where the Compat Create endpoint for containers was not correctly handling bind mounts.
  • Fixed a bug where the Compat Create endpoint for containers would not return a 404 when the requested image was not present.
  • Fixed a bug where the Compat Create endpoint for containers did not properly handle Entrypoint and Command from images.
  • Fixed a bug where name history information was not properly added in the Libpod Image List endpoint.
  • Fixed a bug where the Libpod image search endpoint improperly populated the Description field of responses.
  • Added a noTrunc option to the Libpod image search endpoint.
  • Fixed a bug where the Pod List API would return null, instead of an empty array, when no pods were present (#7392).
  • Fixed a bug where endpoints that hijacked would perform the hijack too early, before being ready to send and receive data (#7195).
  • Fixed a bug where Pod endpoints that can operate on multiple containers at once (e.g. Kill, Pause, Unpause, Stop) would not forward errors from individual containers that failed.
  • The Compat List endpoint for networks now supports filtering results (#7462).
  • Fixed a bug where the Top endpoint for pods would return both a 500 and 404 when run on a nonexistent pod.

Misc

  • Updated Buildah to v1.16.1
  • Updated the containers/storage library to v1.23.5
  • Updated the containers/common library to v0.22.0

podman - v2.0.6

Published by mheon about 4 years ago

Bugfixes

  • Fixed a bug where running systemd in a container on a cgroups v1 system would fail.
  • Fixed a bug where /etc/passwd could be re-created every time a container is restarted if the container's /etc/passwd did not contain an entry for the user the container was started as.
  • Fixed a bug where containers without an /etc/passwd file specifying a non-root user would not start.
  • Fixed a bug where the --remote flag would sometimes not make remote connections and would instead attempt to run Podman locally.

Misc

  • Updated the containers/common library to v0.14.10

podman - v2.0.6-rc1

Published by mheon about 4 years ago

This is the first release candidate for Podman v2.0.6. It includes several small bugfixes for issues identified with v2.0.5.

podman - v2.0.5

Published by mheon about 4 years ago

Features

  • Rootless Podman will now add an entry to /etc/passwd for the user who ran Podman if run with --userns=keep-id.
  • The podman system connection command has been reworked to support multiple connections, and reenabled for use!
  • Podman now has a new global flag, --connection, to specify a connection to a remote Podman API instance.

Changes

  • Podman's automatic systemd integration (activated by the --systemd=true flag, set by default) will now activate for containers using /usr/local/sbin/init as their command, instead of just /usr/sbin/init and /sbin/init (and any path ending in systemd).
  • Seccomp profiles specified by the --security-opt seccomp=... flag to podman create and podman run will now be honored even if the container was created using --privileged.

Bugfixes

  • Fixed a bug where the podman play kube would not honor the hostIP field for port forwarding (#5964).
  • Fixed a bug where the podman generate systemd command would panic on an invalid restart policy being specified (#7271).
  • Fixed a bug where the podman images command could take a very long time (several minutes) to complete when a large number of images were present.
  • Fixed a bug where the podman logs command with the --tail flag would not work properly when a large amount of output would be printed (#7230).
  • Fixed a bug where the podman exec command with remote Podman would not return a non-zero exit code when the exec session failed to start (e.g. invoking a non-existent command) (#6893).
  • Fixed a bug where the podman load command with remote Podman did not honor user-specified tags (#7124).
  • Fixed a bug where the podman system service command, when run as a non-root user by systemd, did not properly handle the Podman pause process and would not restart properly as a result (#7180).
  • Fixed a bug where the --publish flag to podman create, podman run, and podman pod create did not properly handle a host IP of 0.0.0.0 (attempting to bind to literal 0.0.0.0, instead of all IPs on the system) (#7104).
  • Fixed a bug where the podman start --attach command would not print the container's exit code when the command exited due to the container exiting.
  • Fixed a bug where the podman rm command with remote Podman would not remove volumes, even if the --volumes flag was specified (#7128).
  • Fixed a bug where the podman run command with remote Podman and the --rm flag could exit before the container was fully removed.
  • Fixed a bug where the --pod new:... flag to podman run and podman create would create a pod that did not share any namespaces.
  • Fixed a bug where the --preserve-fds flag to podman run and podman exec could close the wrong file descriptors while trying to close user-provided descriptors after passing them into the container.
  • Fixed a bug where default environment variables ($PATH and $TERM) were not set in containers when not provided by the image.
  • Fixed a bug where pod infra containers were not properly unmounted after exiting.
  • Fixed a bug where networks created with podman network create with an IPv6 subnet did not properly set an IPv6 default route.
  • Fixed a bug where the podman save command would not work properly when its output was piped to another command (#7017).
  • Fixed a bug where containers using a systemd init on a cgroups v1 system could leak mounts under /sys/fs/cgroup/systemd to the host.
  • Fixed a bug where podman build would not generate an event on completion (#7022).
  • Fixed a bug where the podman history command with remote Podman printed incorrect creation times for layers (#7122).
  • Fixed a bug where Podman would not create working directories specified by the container image if they did not exist.
  • Fixed a bug where Podman did not clear CMD from the container image if the user overrode ENTRYPOINT (#7115).
  • Fixed a bug where errors parsing image names were not fully reported (part of the error message containing the exact issue was dropped).
  • Fixed a bug where the podman images command with remote Podman did not support printing image tags in Go templates supplied to the --format flag (#7123).
  • Fixed a bug where the podman rmi --force command would not attempt to unmount containers it was removing, which could cause a failure to remove the image.
  • Fixed a bug where the podman generate systemd --new command could incorrectly quote arguments to Podman that contained whitespace, leading to nonfunctional unit files (#7285).
  • Fixed a bug where the podman version command did not properly include build time and Git commit.
  • Fixed a bug where running systemd in a Podman container on a system that did not use the systemd cgroup manager would fail (#6734).
  • Fixed a bug where capabilities from --cap-add were not properly added when a container was started as a non-root user via --user.
  • Fixed a bug where Pod infra containers were not properly cleaned up when they stopped, causing networking issues (#7103).

API

  • Fixed a bug where the libpod and compat Build endpoints did not accept the application/tar content type (instead only accepting application/x-tar) (#7185).
  • Fixed a bug where the libpod Exists endpoint would attempt to write a second header in some error conditions (#7197).
  • Fixed a bug where compat and libpod Network Inspect and Network Remove endpoints would return a 500 instead of 404 when the requested network was not found.
  • Added a versioned _ping endpoint (e.g. http://localhost/v1.40/_ping).
  • Fixed a bug where containers started through a systemd-managed instance of the REST API would be shut down when podman system service shut down due to its idle timeout (#7294).
  • Added stronger parameter verification for the libpod Network Create endpoint to ensure subnet mask is a valid value.
  • The Pod URL parameter to the Libpod Container List endpoint has been deprecated; the information previously gated by the Pod boolean will now be included in the response unconditionally.

Misc

  • Updated Buildah to v1.15.1
  • Updated containers/image library to v5.5.2

podman - v2.0.4

Published by mheon about 4 years ago

Bugfixes

  • Fixed a bug where the output of podman image search did not populate the Description field as it was mistakenly assigned to the ID field.
  • Fixed a bug where podman build - and podman build on an HTTP target would fail.
  • Fixed a bug where rootless Podman would improperly chown the copied-up contents of anonymous volumes (#7130).
  • Fixed a bug where Podman would sometimes HTML-escape special characters in its CLI output.
  • Fixed a bug where the podman start --attach --interactive command would print the container ID of the container attached to when exiting (#7068).
  • Fixed a bug where podman run --ipc=host --pid=host would only set --pid=host and not --ipc=host (#7100).
  • Fixed a bug where the --publish argument to podman run, podman create and podman pod create would not allow binding the same container port to more than one host port (#7062).
  • Fixed a bug where incorrect arguments to podman images --format could cause Podman to segfault.
  • Fixed a bug where podman rmi --force on an image ID with more than one name and at least one container using the image would not completely remove containers using the image (#7153).
  • Fixed a bug where memory usage in bytes and memory use percentage were swapped in the output of podman stats --format=json.

API

  • Fixed a bug where the libpod and compat events endpoints would fail if no filters were specified (#7078).
  • Fixed a bug where the CgroupVersion field in responses from the compat Info endpoint was prefixed by "v" (instead of just being "1" or "2", as is documented).

podman - v2.0.3

Published by mheon about 4 years ago

Features

  • The podman search command now allows wildcards in search terms.
  • The podman play kube command now supports the IfNotPresent pull type.

Changes

  • The --disable-content-trust flag has been added to Podman for Docker compatibility. This is a Docker-specific option and has no effect in Podman; it is provided only to ensure command line compatibility for scripts (#7034).
  • Setting a static IP address or MAC address for rootless containers and pods now causes an error; previously, they were silently ignored.
  • The /sys/dev folder is now masked in containers to prevent a potential information leak from the host.

Bugfixes

  • Fixed a bug where rootless Podman would select the wrong cgroup manager on cgroups v1 systems where the user in question had an active systemd user session (#6982).
  • Fixed a bug where systems with AppArmor could not run privileged containers (#6933).
  • Fixed a bug where ENTRYPOINT and CMD from images were improperly handled by podman play kube (#6995).
  • Fixed a bug where the --pids-limit flag to podman create and podman run was parsed incorrectly and was unusable (#6908).
  • Fixed a bug where the podman system df command would error if untagged images were present (#7015).
  • Fixed a bug where the podman images command would display incorrect tags if a port number was included in the repository.
  • Fixed a bug where Podman did not set a default umask and default rlimits (#6989).
  • Fixed a bug where protocols in port mappings were not recognized unless they were lower-case (#6948).
  • Fixed a bug where information on pod infra containers was not included in the output of podman pod inspect.
  • Fixed a bug where Podman's systemd detection (activated by the enabled-by-default --systemd=true flag) would not flag a container for systemd mode if systemd was part of the entrypoint, not the command (#6920).
  • Fixed a bug where podman start --attach was not defaulting --sig-proxy to true (#6928).
  • Fixed a bug where podman inspect would show an incorrect command (podman system service, the command used to start the server) for containers created by a remote Podman client.
  • Fixed a bug where the podman exec command with the remote client would not print output if the -t or -i flags were not provided.
  • Fixed a bug where some variations of the --format {{ json . }} option to podman info (involving added or removed whitespace) would not be accepted (#6927).
  • Fixed a bug where Entrypoint could not be cleared at the command line (if unset via --entrypoint="", it would be reset to the image's entrypoint) (#6935).

API

  • Fixed a bug where the events endpoints (both libpod and compat) could potentially panic on parsing filters.
  • Fixed a bug where the compat Create endpoint for containers did not properly handle Entrypoint and Command.
  • Fixed a bug where the Logs endpoint for containers (both libpod and compat) would not properly handle client disconnect, resulting in high CPU usage.
  • The type of filters on the compat events endpoint has been adjusted to match Docker's implementation (#6899).
  • The idle connection counter now properly handles hijacked connections.
  • All endpoints that hijack will now properly print headers per RFC 7230 standards.

Misc

  • Updated containers/common to v0.14.6

podman - v2.0.2

Published by mheon over 4 years ago

Changes

  • The podman system connection command has been temporarily disabled, as it was not functioning as expected.

Bugfixes

  • Fixed a bug where the podman ps command would not truncate long container commands, resulting in display issues as the column could become extremely wide (the --no-trunc flag can be used to print the full command).
  • Fixed a bug where podman pod commands operating on multiple containers (e.g. podman pod stop and podman pod kill) would not print errors from individual containers, but only a warning that some containers had failed.
  • Fixed a bug where the podman system service command would panic if a connection to the Events endpoint hung up early (#6805).
  • Fixed a bug where rootless Podman would create anonymous and named volumes with the wrong owner for containers run with the --user directive.
  • Fixed a bug where the TMPDIR environment variable (used for storing temporary files while pulling images) was not being defaulted (if unset) to /var/tmp.
  • Fixed a bug where the --publish flag to podman create and podman run required that a host port be specified if an IP address was given (#6806).
  • Fixed a bug where podman-remote commands performing an attach (podman run, podman attach, podman start --attach, podman exec) did not properly configure the terminal on Windows.
  • Fixed a bug where the --remote flag to Podman required an argument, despite being a boolean (#6704).
  • Fixed a bug where the podman generate systemd --new command could generate incorrect unit files for a pod if a container in the pod was created using the --pod=... flag (with an =, instead of a space, before the pod ID) (#6766).
  • Fixed a bug where NPROC and NOFILE rlimits could be improperly set for rootless Podman containers, causing them to fail to start.
  • Fixed a bug where podman mount as rootless did not error (the podman mount command cannot be run rootless unless it is run inside a podman unshare shell).
  • Fixed a bug where in some cases a race in events handling code could cause error messages related to retrieving events to be lost.

API

  • Fixed a bug where the timestamp format for Libpod image list endpoint was incorrect - the format has been switched to Unix time.
  • Fixed a bug where the compatibility Create endpoint did not handle empty entrypoints properly.
  • Fixed a bug where the compatibility network remove endpoint would improperly handle errors where the network was not found.
  • Fixed a bug where containers would be created with improper permissions because of a umask issue (#6787).