Podman: A tool for managing OCI containers and pods.
APACHE-2.0 License
Bot releases are hidden (Show)
Published by mheon over 4 years ago
podman system connection
command was mistakenly omitted from the 2.0 release, and has been included here.podman ps --format=json
command once again includes container's creation time in a human-readable format in the CreatedAt
key.podman inspect
commands on containers now displays forwarded ports in a format compatible with docker inspect
.--log-level=debug
flag to podman run
and podman exec
will enable syslog for exit commands, ensuring that debug logs are collected for these otherwise-unlogged commands.podman build
did not properly handle the --http-proxy
and --cgroup-manager
flags./etc/subuid
or /etc/subgid
file were very unclear (#6572).podman logs --follow
command would not stop when the container being followed exited.--privileged
flag had mistakenly been marked as conflicting with --group-add
and --security-opt
.PODMAN_USERNS
environment variable was not being honored (#6705).podman image load
command would require one argument be passed, when no arguments is also valid (#6718).podman network
command and its subcommands.podman-remote
and podman --remote
commands.podman untag
command was not erroring when no matching image was found.podman ps
command was not showing port mappings for containers which share a network namespace with another container (e.g. are part of a pod).--remote
flag could unintentionally be forwarded into containers when using podman-remote
.podman generate systemd
would not allow individual containers to be restarted (#6770).podman run
and podman create
commands did not support all transports that podman pull
does (#6744).label
option to --security-opt
would only be shown once in podman inspect
, even if provided multiple times./json
.Published by mheon over 4 years ago
podman system service
are no longer experimental, and ready for use!--remote
flag.podman system connection
command has been added to allow configuring the endpoint that podman-remote
and podman --remote
will connect to.podman generate systemd
command now supports the --new
flag when used with pods, allowing portable services for pods to be created.podman play kube
command now supports running Kubernetes Deployment YAML.podman exec
command now supports the --detach
flag to run commands in the container in the background.-p
flag to podman run
and podman create
now supports forwarding ports to IPv6 addresses.podman run
, podman create
and podman pod create
command now support a --replace
flag to remove and replace any existing container (or, for pod create
, pod) with the same name--restart-policy
flag to podman run
and podman create
now supports the unless-stopped
restart policy.--log-driver
flag to podman run
and podman create
now supports the none
driver, which does not log the container's output.--mount
flag to podman run
and podman create
now accepts readonly
option as an alias to ro
.podman generate systemd
command now supports the --container-prefix
, --pod-prefix
, and --separator
arguments to control the name of generated unit files.podman network ls
command now supports the --filter
flag to filter results.podman auto-update
command now supports specifying an authfile to use when pulling new images on a per-container basis using the io.containers.autoupdate.authfile
label.podman varlink
command, is deprecated and will be removed in the next release.podman ps
, podman images
most notably) has changed.tmpfs
filesystems added to containers are no longer mounted noexec
by default.podman exec
command would log to journald when run in containers loggined to journald (#6555).podman auto-update
command would not preserve the OS and architecture of the original image when pulling a replacement (#6613).podman cp
command could create an extra merged
directory when copying into an existing directory (#6596).podman pod stats
command would crash on pods run with --network=host
(#5652).podman network inspect
and podman network rm
commands did not properly handle non-default CNI configuration paths (#6212).podman inspect
would sometimes incorrectly report the network mode of containers started with --net=none
.conmon
is killed before the container it is monitoring.HairpinMode
to allow communication between containers by connecting to a forwarded port on the host.Published by mheon over 4 years ago
This will be the final release candidate for Podman v2.0.
Highlights of the v2.0 release:
podman system service
is no longer experimental. Endpoints are now tested and working, with few exceptions.podman-remote
has been migrated to use the REST API instead of Varlinkpodman exec
command now supports the --detach
flag to run commands in the backgroundpodman play kube
podman generate systemd --new
command now works with podspodman run
, podman create
, and podman pod create
now support a --replace
flag, that will remove any container (or pod for pod create
) that already exists with the same name and replace it with the newly-create containernone
, has been added, allowing containers to not write logsunless-stopped
restart policypodman generate systemd
are now able to survive conditions where conmon
is killed while the container is runningnoexec
by defaultpodman auto-update
command's handling of images has been improved, and it now uses the same architecture/OS and authfile that were used to pull the original imagePublished by mheon over 4 years ago
This is the sixth release candidate of Podman v2.0.0.
Podman v2.0.0 contains an extensive rewrite of Podman's frontend to better integrate support for remotely managing Podman installations using our new HTTP API.
We are approaching the release of Podman v2.0. Thanks to all our contributors and users for helping us to reach this milestone!
Published by mheon over 4 years ago
This is the fifth release candidate of Podman v2.0.0.
Podman v2.0.0 contains an extensive rewrite of Podman's frontend to better integrate support for remotely managing Podman installations using our new HTTP API.
We are approaching the release of Podman v2.0. Thanks to all our contributors and users for helping us to reach this milestone!
Published by mheon over 4 years ago
This is the fourth release candidate of Podman v2.0.0.
Podman v2.0.0 contains an extensive rewrite of Podman's frontend to better integrate support for remotely managing Podman installations using our new HTTP API.
We are approaching the release of Podman v2.0. Thanks to all our contributors and users for helping us to reach this milestone!
Published by mheon over 4 years ago
This is the third release candidate of Podman v2.0.0.
Podman v2.0.0 contains an extensive rewrite of Podman's frontend to better integrate support for remotely managing Podman installations using our new HTTP API.
This is still an early release candidate, and we are expecting some regressions.
Published by mheon over 4 years ago
noexec
for improved compatibility with DockerPublished by mheon over 4 years ago
This is the second release candiate for Podman v2.0.0.
Podman v2.0.0 contains an extensive rewrite of Podman's frontend to better integrate support for remotely managing Podman installations using our new HTTP API.
This is still an early release candidate, and we are expecting some regressions.
Published by mheon over 4 years ago
This is the first release candidate for Podman v2.0. The core Podman CLI has received an extensive rewrite to improve support for managing remote Podman instances over the new HTTP API. Full release notes are still being compiled, and will be available for the final release.
This is an early RC, and we are expecting some bugs and regressions - please report any you find!
Published by mheon over 4 years ago
podman save
would fail when the target image was specified by digest (#5234)--http-proxy
flag could not be overridden by --env
or --env-file
(#6017)libpod.conf
, instead defaulting to containers.conf
. The default libpod.conf will remain available in the Github repository until the release of Podman 2.0Published by mheon over 4 years ago
--log-path
and multiple container logs were placed in the same directory (#5915)libpod.conf
, print numerous warning messages about an invalid CGroup manager configPublished by mheon over 4 years ago
podman run --userns=auto
, which automatically allocates a unique UID and GID range for the new container's user namespacepodman play kube
command now has a --network
flag to place the created pod in one or more CNI networkspodman commit
command now supports an --iidfile
flag to write the ID of the committed image to a filecontainers.conf
configuration file has been added. containers.conf
allows for much more detailed configuration of some Podman functionalitypodman info
command resulting in breaking changes. Many fields have been renamed to better suit usage with APIv2--timeout
flag have been switched to prefer the alternative --time
. The --timeout
flag will continue to work, but man pages and --help
will use the --time
flag instead$PATH
to Conmon and the OCI runtime, causing issues for some OCI runtimes that required itpodman play kube
would not properly handle container-only port mappings (#5610)podman container prune
command was not pruning containers in the created
and configured
states--security-opt
was not given at the command lineChanges
, Checkpoint
, Init
, and Restore
podman system service
command would time out and exit while there were still active connectionsk8s.gcr.io/pause:3.2
(from 3.1) to address a bug in the architecture metadata for non-AMD64 imagesslirp4netns
networking utility in rootless Podman now uses Seccomp filtering where available for improved securityPublished by mheon over 4 years ago
This is the second release candidate for the Podman v1.9.0 release. There is one major change from Podman v1.9.0 is a fix for a major bug where Seccomp profiles were not properly handled when --security-opt
was not passed.
Published by mheon over 4 years ago
This is the first release candidate for Podman v1.9.0
podman run --userns=auto
, which automatically allocates a unique UID and GID range for the new container's user namespacepodman play kube
command now has a --network
flag to place the created pod in one or more CNI networkspodman commit
command now supports an --iidfile
flag to write the ID of the committed image to a filecontainers.conf
configuration file has been added. containers.conf
allows for much more detailed configuration of some Podman functionalitypodman info
command resulting in breaking changes. Many fields have been renamed to better suit usage with APIv2--timeout
flag have been switched to prefer the alternative --time
. The --timeout
flag will continue to work, but man pages and --help
will use the --time
flag instead$PATH
to Conmon and the OCI runtime, causing issues for some OCI runtimes that required itpodman play kube
would not properly handle container-only port mappings (#5610)podman container prune
command was not pruning containers in the created
and configured
statesChanges
, Checkpoint
, and Restore
k8s.gcr.io/pause:3.2
(from 3.1) to address a bug in the architecture metadata for non-AMD64 imagesslirp4netns
networking utility in rootless Podman now uses Seccomp filtering where available for improved securityPublished by mheon over 4 years ago
podman generate systemd --new
would not force containers to detach, causing the unit to time out when trying to startpodman system reset
could delete important system directories if run as rootless on installations created by older Podman (#4831)podman build
would not properly set the OS and Architecture they were built with (#5503)podman run
with --sig-proxy
enabled (the default), when built with Go 1.14, would repeatedly send signal 23 to the process in the container and could generate errors when the copodman run
commands could hang when forwarding ports/proc
was mounted with the hidepid
option setpodman system service
command would use large amounts of CPU when --timeout
was set to 0 (#5531)podman create
and podman run
Published by mheon over 4 years ago
podman generate systemd --new
would not force containers to detach, causing the unit to time out when trying to startpodman system reset
could delete important system directories if run as rootless on installations created by older Podman (#4831)podman build
would not properly set the OS and Architecture they were built with (#5503)podman run
with --sig-proxy
enabled (the default), when built with Go 1.14, would repeatedly send signal 23 to the process in the container and could generate errors when the container stopped ([#5483](https://github.com/containers/libpod/issues/54\podman run
commands could hang when forwarding portspodman create
and podman run
Published by mheon over 4 years ago
podman pod create
to enable customization of pod networks, including --add-host
, --dns
, --dns-opt
, --dns-search
, --ip
, --mac-address
, --network
--no-hosts
podman ps --format=json
command now includes the ID of the image containers were created withpodman run
and podman create
commands now feature an --rmi
flag to remove the image the container was using after it exits (if no other containers are using said image) ([#4628](https://github.com/c\podman create
and podman run
commands now support the --device-cgroup-rule
flag (#4876)podman create
and podman run
commands now feature a --no-healthcheck
flag to disable healthchecks for a container (#5299)io.containers.capabilities
label, which specifies a list of capabilities required by the image to run. These capabilities will be used as long as they are more restrictive than podman generate kube
command now includes SELinux configuration passed into the container via --security-opt label=...
(#4950)resolv.conf
([#5256](https://github.com/contain\/
characters in image volume definitions could cause them to not be overridden by a user-specified mount at the same location ([#5219](https://github.com/containers/libpod/issues/\label
option in libpod.conf
, used to disable SELinux by default, was not being respected (#5087)podman login
and podman logout
commands required the registry to log into be specified (#5146)--detach-keys=""
would not disable detaching from a container (#5166)podman ps
command was too aggressive when filtering containers and would force --all
on in too many situationspodman play kube
command was ignoring image configuration, including volumes, working directory, labels, and stop signal (#5174)Created
and CreatedTime
fields in podman images --format=json
were misnamed, which also broke Go template output for those fields ([#5110](https://github.com/containers/libpod/issu\podman pull
could fail to parse registry names including port numberspodman build -f
would not list available files that could be built (#3878)podman commit --change
would perform incorrect validation, resulting in valid changes being rejected (#5148)podman logs --tail
could take large amounts of memory when the log file for a container was large (#5131)firewalld
podman inspect
command would not display network information for containers properly if a container joined multiple CNI networks ([#4907](https://github.com/containers/libpod/issues/49\--uts
flag to podman create
and podman run
would only allow specifying containers by full ID (#5289)podman port
command was incorrectly interpreting additional arguments as container names, instead of port numberspodman generate systemd
did not depend on network targets, and so could start before the system network was ready (#4130)--group-add
$TMPDIR
environment variable for placing large temporary files during some operations (e.g. podman pull
) ([#5411](https://github.com/containers/libpod/issues\create
and logs
endpoints for containers has been added/swagger/
endpoint to serve API documentationjson
endpoint for containers has received many fixesstats
endpoint for containers has seen major fixes and now provides accurate outputCreated
field to podman images --format=json
has been renamed to CreatedSince
as part of the fix for (#5110). Go templates using the old name shouCreatedTime
field to podman images --format=json
has been renamed to CreatedAt
as part of the fix for (#5110). Go templates using the old name shobefore
filter to podman images
has been renamed to since
for Docker compatibility. Using before
will still work, but documentation has been changed to use the new since
filter--password
flag to podman login
now warns that passwords are being passed in plaintextpodman system renumber
must be run to resolve the deadlockPublished by mheon over 4 years ago
This is the first release candidate of Podman v1.8.1
Preliminary release notes:
podman pod create
to enable customization of pod networks, including --add-host
, --dns
, --dns-opt
, --dns-search
, --ip
, --mac-address
, --network
, and --no-hosts
podman ps --format=json
command now includes the ID of the image containers were created withpodman create
and podman run
commands now support the --device-cgroup-rule
flag (#4876)resolv.conf
(#5256)/
characters in image volume definitions could cause them to not be overridden by a user-specified mount at the same location (#5219)label
option in libpod.conf
, used to disable SELinux by default, was not being respected (#5087)podman login
and podman logout
commands required the registry to log into be specified (#5146)--detach-keys=""
would not disable detaching from a container (#5166)podman ps
command was too aggressive when filtering containers and would force --all
on in too many situationspodman play kube
command was ignoring image configuration, including volumes, working directory, labels, and stop signal (#5174)Created
and CreatedTime
fields in podman images --format=json
were misnamed, which also broke Go template output for those fields (#5110)podman pull
could fail to parse registry names including port numberspodman build -f
would not list available files that could be built (#3878)podman commit --change
would perform incorrect validation, resulting in valid changes being rejected (#5148)podman logs --tail
could take large amounts of memory when the log file for a container was large (#5131)firewalld
create
and logs
endpoints for containers has been added/swagger/
endpoint to serve API documentationjson
endpoint for containers has received many fixesstats
endpoint for containers has seen major fixes and now provides accurate outputCreated
field to podman images --format=json
has been renamed to CreatedSince
as part of the fix for (#5110). Go templates using the old name should still workCreatedTime
field to podman images --format=json
has been renamed to CreatedAt
as part of the fix for (#5110). Go templates using the old name should still workbefore
filter to podman images
has been renamed to since
for Docker compatibility. Using before
will still work, but documentation has been changed to use the new since
filter--password
flag to podman login
now warns that passwords are being passed in plaintextPublished by mheon over 4 years ago
podman system service
command has been added, providing a preview of Podman's new Docker-compatible API. This API is still very new, and not yet ready for production use, but is available for early testpodman untag
command has been added to remove tags from images without deleting thempodman inspect
command on images now displays previous names they usedpodman generate systemd
command now supports a --new
option to generate service files that create and run new containers instead of managing existing containers--log-opt tag=
to set logging tags has been added to the journald
log driverpodman run
and podman create
via the new --seccomp-policy
CLI flag (#4806)podman play kube
command now honors pull policy (#4880)podman cp
command would not copy the contents of directories when paths ending in /.
were given (#4717)podman play kube
command did not properly locate Seccomp profiles specified relative to localhost (#4555)podman info
command for remote Podman did not show registry information (#4793)podman exec
command did not support having input piped into it (#3302)podman cp
command with rootless Podman on CGroups v2 systems did not properly determine if the container could be paused while copying ([#4813](https://github.com/containers/libpod/iss\podman container prune --force
command could possible remove running containers if they were started while the command was running ([#4844](https://github.com/containers/libpod/issues/\slirp4netns
networking when requested (#4853)podman run --userns=keep-id
did not work when the user had a UID over 65535 (#4838)podman run
and podman create
with the --userns=keep-id
option could change permissions on /run/user/$UID
and break KDE ([#4846](https://github.com/containers/libpod/issues/4\podman inspect
would show CPUShares as 0, instead of the default (1024), when it was not explicitly set (#4822)podman-remote push
would segfault (#4706)podman inspect
(#4799)--rm
flag was given, even if they were given names ([#5009](https:podman history
was not computing image sizes correctly (#4916)--sort
flag to podman images
podman commit
was mandatory, not optional as it should be (#5027)"
to %PATH
(#4335)podman build
command would sometimes ignore the -f
option and build the wrong Containerfilepodman ps --filter
command would only filter running containers, instead of all containers, if --all
was not passed (#5050)podman load
command on compressed images would leave an extra copy on diskpodman restart
command would not properly clean up the network, causing it to function differently from podman stop; podman start
([#5051](https://github.com/containers/libpod/issues\--memory-swap
flag to podman create
and podman run
to -1
(to indicate unlimited) was not supported (#5091)