Podman: A tool for managing OCI containers and pods.
APACHE-2.0 License
Published by mheon almost 5 years ago
- `macvlan` networks with `podman network create`, allowing Podman containers to be attached directly to networks the host is connected to
- `podman image prune` and `podman container prune` commands now support the `--filter` flag to filter what will be pruned, and now prompts for confirmation when run without `--force` (#4410 and #4411)
- `podman system reset` command to remove all Podman files and perform a factory reset of the Podman installation
- `--history` flag to `podman images` to display previous names used by images (#4566)
- `--ignore` flag to `podman rm` and `podman stop` to not error when requested containers no longer exist
- `--cidfile` flag to `podman rm` and `podman stop` to read the IDs of containers to be removed or stopped from a file
- `podman play kube` command now honors Seccomp annotations (#3111)
- `podman play kube` command now honors `RunAsUser`, `RunAsGroup`, and `selinuxOptions`
- `podman version` command has been changed to better match `docker version` when using the `--format` flag
- `tmpcopyup` and `notmpcopyup` options to the `--tmpfs` and `--mount type=tmpfs` flags to `podman create` and `podman run` to control whether the content of directories are copied into tmpfs filesystems mounted over them
- `--detach-keys=""`
- `podman build` command now supports the `--pull` and `--pull-never` flags to control when images are pulled during a build
- `podman ps -p` command now shows the name of the pod as well as its ID (#4703)
- `podman inspect` command on containers will now display the command used to create the container
- `podman info` command now displays information on registry mirrors (#4553)
- `--change` flag to `podman import` and `podman commit` was not being parsed properly in many cases
- `libpod.conf` were not used by the `podman attach` and `podman exec` commands, which always used the global default `ctrl-p,ctrl-q` key combination (#4556)
- `podman pod stats` even on CGroups v2 enabled systems (#4634)
- `renameat2` syscall (#4570)
- `--net container=B` and container B using `--net container=C`) would not properly mount `/etc/hosts` and `/etc/resolv.conf` into the container (#4626)
- `podman run` with the `--rm` flag and without `-d` could, when run in the background, throw a 'container does not exist' error when attempting to remove the container after it exited
- `podman rm --storage` command to complete removal (#3906)
- `--rm` was allowed when `--export` was not specified (the container, and checkpoint, would be removed after checkpointing was complete by `--rm`) (#3774)
- `podman pod prune` command would fail if containers were present in the pods and the `--force` flag was not passed (#4346)
- `podman system renumber` would always throw an error if a container was mounted when it was run
- `podman container restore` would fail with containers using a user namespace
- `podman history` would sometimes not properly identify the IDs of layers in an image (#3359)
- `--authfile` existed (#4328)
- `podman images --digest` would not always print digests when they were available
- `podman run` could hang due to a race with reading and writing events
- `podman pull` would attempt to fetch from remote registries when pulling an unqualified image using the `docker-daemon` transport (#4434)
- `podman cp` would not work if STDIN was a pipe
- `podman exec` could stop accepting input if anything was typed between the command being run and the exec session starting (#4397)
- `podman logs --tail 0` would print all lines of a container's logs, instead of no lines (#4396)
- `slirp4netns` was incorrectly set, resulting in an extremely long timeout (#4344)
- `podman stats` command would print CPU utilization figures incorrectly (#4409)
- `podman inspect --size` command would not print the size of the container's read/write layer if the size was 0 (#4744)
- `podman kill` command was not properly validating signals before use (#4746)
- `--quiet` and `--format` flags to `podman ps` could not be used at the same time
- `podman stop` command was not stopping exec sessions when a container was created without a PID namespace (`--pid=host`)
- `podman pod rm --force` command was not removing anonymous volumes for containers that were removed
- `podman checkpoint` command would not export all changes to the root filesystem of the container if performed more than once on the same container (#4606)
- `--rm` would not be automatically removed on being stopped if an exec session was running inside the container (#4666)
- `kata-runtime`, `kata-qemu`, and `kata-fc`) are now present in the default libpod.conf, but will not be available unless Kata containers is installed on the system
- `crun` runtime can create containers with significantly less memory

Published by mheon almost 5 years ago
This release includes backports for the v1.6 stable branch of Podman.
- `winsz` FIFO on container restart to allow use with Conmon 2.03 and higher

Published by mheon almost 5 years ago
This is the first release candidate for the v1.7.0 release of Podman. Preliminary release notes:
- `macvlan` networks with `podman network create`, allowing Podman containers to be attached directly to networks the host is connected to
- `podman image prune` and `podman container prune` commands now support the `--filter` flag to filter what will be pruned, and now prompts for confirmation when run without `--force` (
- `podman system reset` command to remove all Podman files and perform a factory reset of the Podman installation
- `--history` flag to `podman images` to display previous names used by images (#4566)
- `--ignore` flag to `podman rm` and `podman stop` to not error when requested containers no longer exist
- `--cidfile` flag to `podman rm` and `podman stop` to read the IDs of containers to be removed or stopped from a file
- `podman play kube` command now honors Seccomp annotations (#3111)
- `podman play kube` command now honors `RunAsUser`, `RunAsGroup`, and `selinuxOptions`
- `podman version` command has been changed to better match `docker version` when using the `--format` flag
- `tmpcopyup` and `notmpcopyup` options to the `--tmpfs` and `--mount type=tmpfs` flags to `podman create` and `podman run` to control whether the content of directories are copied in
- `--detach-keys=""`
- `podman build` command now supports the `--pull` and `--pull-never` flags to control when images are pulled during a build
- `--change` flag to `podman import` and `podman commit` was not being parsed properly in many cases
- `libpod.conf` were not used by the `podman attach` and `podman exec` commands, which always used the global default `ctrl-p,ctrl-q` key combinat
- `podman pod stats` even on CGroups v2 enabled systems (#4634)
- `renameat2` syscall (#4570)
- `--net container=B` and container B using `--net container=C`) would not properly mount `/etc/hosts` and `/etc/resolv.conf` into the container (#4626)
- `podman run` with the `--rm` flag and without `-d` could, when run in the background, throw a 'container does not exist' error when attempting to remove the container af
- `podman rm --storage` command to complete r
- `--rm` was allowed when `--export` was not specified (the container, and checkpoint, would be removed after checkpointing was compl `--rm`) (#3774)
- `podman pod prune` command would fail if containers were present in the pods and the `--force` flag was not passed (#4346)
- `podman system renumber` would always throw an error if a container was mounted when it was run
- `podman container restore` would fail with containers using a user namespace
- `podman history` would sometimes not properly identify the IDs of layers in an image (#3359)
- `--authfile` existed (#4328)
- `podman images --digest` would not always print digests when they were available
- `podman run` could hang due to a race with reading and writing events
- `podman pull` would attempt to fetch from remote registries when pulling an unqualified image using the `docker-daemon` transport (#4434)
- `podman cp` would not work if STDIN was a pipe
- `podman exec` could stop accepting input if anything was typed between the command being run and the exec session starting (#4397)
- `podman logs --tail 0` would print all lines of a container's logs, instead of no lines (#4396)
- `slirp4netns` was incorrectly set, resulting in an extremely long timeout (#4344)
- `podman stats` command would print CPU utilization figures incorrectly (#4409)
- `kata-runtime`, `kata-qemu`, and `kata-fc`) are now present in the default libpod.conf, but will not be available unless Kata containers is installed on the syst

Published by mheon almost 5 years ago
First release candidate of the v1.6.3 release
Published by mheon almost 5 years ago
- `libpod.conf` configuration file has seen major changes. Most significantly, rootless users will no longer automatically receive a complete configuration file when they first use Podman, and will instead only receive differences from the global configuration.
- `-v` flag to the `podman create` and `podman run` commands
- `uid` and `gid` options in `--opt o=...` to set UID and GID of the created volume
- `podman start` command would print container ID, instead of name, when starting containers given their name
- `podman play kube`
- `podman exec` would have the wrong SELinux label in some circumstances (#4361)
- `slirp4netns` would be lost
- `podman run --network=$NAME` would not throw an error in rootless Podman, where CNI networks are not supported
- `podman network create` would throw confusing errors when trying to create a volume with a name that already exists
- `systemd` CGroup manager was specified, but systemd could not be contacted over DBus
- `noexec` (#4318)
- `podman stats` command required the name of a container to be given, instead of showing all containers when no container was specified (#4274)
- `podman volume inspect` command would not show the options that named volumes were created with
- `storage.conf` at time of first creation for rootless Podman (#2659)
- `conmon` that is in use to ensure it is sufficient

Published by mheon almost 5 years ago
- `--runtime` flag to `podman system migrate` to allow the OCI runtime for all containers to be reset, to ease transition to the `crun` runtime on CGroups V2 systems until `runc` gains full support
- `podman rm` command can now remove containers in broken states which previously could not be removed
- `podman info` command, when run without root, now shows information on UID and GID mappings in the rootless user namespace
- `podman build --squash-all` flag, which squashes all layers (including those of the base image) into one layer
- `--systemd` flag to `podman run` and `podman create` now accepts a string argument and allows a new value, `always`, which forces systemd support without checking if the container entrypoint is systemd
- `podman top` command did not work on systems using CGroups V2 (#4192)
- `podman start --attach --sig-proxy=false` would still proxy signals into the container
- `auth.json`), breaking `podman login` integration with `skopeo` and other tools using the containers/image library
- `podman ps --format=json` and `podman images --format=json` would display `null` when no results were returned, instead of valid JSON
- `podman build --squash` was incorrectly squashing all layers into one, instead of only new layers
- `podman stats` was broken on systems running CGroups V2 when run rootless (#4268)
- `podman start` command would print the short container ID, instead of the full ID
- `podman ps` and could not be removed via `podman rm`
- `podman container restore --import` would retain the CGroup path of the original container, even if their container ID changed; thus, multiple containers created from the same checkpoint would all share the same CGroup
- `--pids-limit 0` to `podman create` and `podman run`
- `podman start --attach` command now automatically attaches `STDIN` if the container was created with `-i`
- `podman network create` command now validates network names using the same regular expression as container and pod names
- `--systemd` flag to `podman run` and `podman create` will now only enable systemd mode when the binary being run inside the container is `/sbin/init`, `/usr/sbin/init`, or ends in `systemd` (previously detected any path ending in `init` or `systemd`)

Published by mheon about 5 years ago
This is the first release candidate for the v1.6.2 release.
- `--runtime` flag to `podman system migrate` to allow the OCI runtime for all containers to be reset, to ease transition to the `crun` runtime on CGroups V2 systems until `runc` gains full support
- `podman rm` command can now remove containers in broken states which previously could not be removed
- `podman info` command, when run without root, now shows information on UID and GID mappings in the rootless user namespace
- `podman build --squash-all` flag, which squashes all layers (including those of the base image) into one layer
- `--systemd` flag to `podman run` and `podman create` now accepts a string argument and allows a new value, `always`, which forces systemd support without checking if the container
- `podman top` command did not work on systems using CGroups V2 (#4192)
- `podman start --attach --sig-proxy=false` would still proxy signals into the container
- `auth.json`), breaking `podman login` integration with `skopeo` and other tools using
- `podman ps --format=json` and `podman images --format=json` would display `null` when no results were returned, instead of valid JSON
- `podman build --squash` was incorrectly squashing all layers into one, instead of only new layers
- `podman stats` was broken on systems running CGroups V2 when run rootless (#4268)
- `podman start` command would print the short container ID, instead of the full ID
- `podman ps` and could not be removed `podman rm`
- `--pids-limit 0` to `podman create` and `podman run`
- `podman network create` command now validates network names using the same regular expression as container and pod names
- `--systemd` flag to `podman run` and `podman create` will now only enable systemd mode when the binary being run inside the container is `/sbin/init`, `/usr/sbin/init`, or ends in `systemd` (previously detected any path ending in `init` or `systemd`)

Published by mheon about 5 years ago
- `cgroupfs` CGroups manager
- `slirp4netns` networking would fail to start containers due to mount leaks

Published by mheon about 5 years ago
This is the first release candidate for the v1.6.1 release.
Preliminary changelog:
- `cgroupfs` CGroups manager
- `slirp4netns` networking would fail to start containers due to mount leaks

Published by mheon about 5 years ago
This is the second release candidate for the final Podman 1.6.0 release
Published by mheon about 5 years ago
- `podman network create`, `podman network rm`, `podman network inspect`, and `podman network ls` commands have been added to manage CNI networks used by Podman
- `podman volume create` command can now create and mount volumes with options, allowing volumes backed by NFS, tmpfs, and many other filesystems
- `--cgroups=disabled` flag with `podman create` and `podman run`. This is presently only supported with the `crun` OCI runtime
- `podman volume rm` and `podman volume inspect` commands can now refer to volumes by an unambiguous partial name, in addition to full name (e.g. `podman volume rm myvol` to remove a volume named `myvolume`) (#3891)
- `podman run` and `podman create` commands now support the `--pull` flag to allow forced re-pulling of images (#3734)
- `--volume`, `--mount`, and `--tmpfs` now allows the `suid`, `dev`, and `exec` mount options (the inverse of `nosuid`, `nodev`, `noexec`) (#3819)
- `--mount` now allows the `relabel=Z` and `relabel=z` options to relabel mounts.
- `podman push` command now supports the `--digestfile` option to save a file containing the pushed digest
- `podman pod create --hostname` or providing Pod YAML with a hostname set to `podman play kube` (#3732)
- `podman image sign` command now supports the `--cert-dir` flag
- `podman run` and `podman create` commands now support the `--security-opt label=filetype:$LABEL` flag to set the SELinux label for container files
- `podman pull` would panic if a Varlink connection was not available (#4013)
- `podman exec` would not properly set terminal size when creating a new exec session (#3903)
- `podman exec` would not clean up socket symlinks on the host (#3962)
- `podman prune -a` would attempt to prune images used by Buildah and CRI-O, causing errors (#3983)
- `~/.config` directory could cause rootless Podman to use an incorrect directory for storing some files
- `podman import` threw errors
- `podman volume create` would not copy the contents of their mountpoint the first time they were mounted into a container (#3945)
- `podman exec` when the container was not run inside a CGroup owned by the user (#3937)
- `podman play kube` would panic when given Pod YAML without a `securityContext` (#3956)
- `storage.conf` configuration items were set to the empty string (#3952)
- `podman build` did not correctly inherit Podman's CGroup configuration, causing crashes on CGroups V2 systems (#3938)
- `podman cp` would improperly copy files on the host when copying a symlink in the container that included a glob operator (#3829)
- `podman run --rm` would exit before the container was completely removed, allowing race conditions when removing container resources (#3870)
- `/etc/subuid` and `/etc/subgid` after a container was launched
- `--device` flag (#3905)
- `commit` Varlink API would segfault if provided incorrect arguments (#3897)
- `podman remote cp` crashed instead of reporting it was not yet supported (#3861)
- `podman exec` would run as the wrong user when execing into a container was started from an image with Dockerfile `USER` (or a user specified via `podman run --user`) (#3838)
- `oci:` transport would be improperly named
- `podman varlink` would hang when managed by systemd due to SD_NOTIFY support conflicting with Varlink (#3572)
- `podman exec --preserve-fds` caused Podman to hang (#4020)
- `$HOME` environment variable when the OCI runtime did not set it
- `tmpfs` filesystems added by the `--read-only-tmpfs` flag to `podman create` and `podman run`
- `podman cp` would incorrectly make the target directory when copying to a symlink which pointed to a nonexistent directory (#3894)
- `STDIN` when the `-i` flag was not set (#4095)
- `podman play kube` would create an empty pod when given an unsupported YAML type (#4093)
- `podman import --change` improperly parsed `CMD` (#4000)
- `podman system renumber` after upgrading.
- `podman play kube`
- `podman pause` or `podman stats` on a rootless container on a system without CGroups V2 enabled
- `TMPDIR` has been set to `/var/tmp` by default to better handle large temporary files
- `podman wait` has been optimized to detect stopped containers more rapidly
- `ContainerManager` annotation indicating they were created by `libpod`
- `podman info` command now includes information about `slirp4netns` and `fuse-overlayfs` if they are available
- `podman volume inspect` has been more closely matched to `docker volume inspect`

Published by mheon about 5 years ago
This is the first release candidate for v1.6.0. Preliminary release notes follow:
- `podman network create`, `podman network rm`, `podman network inspect`, and `podman network ls` commands have been added to manage CNI networks used by Podman
- `podman volume create` command can now create and mount volumes with options, allowing volumes backed by NFS, tmpfs, and many other filesystems
- `--cgroups=disabled` flag with `podman create` and `podman run`. This is presently only supported with the `crun` OCI runtime
- `podman volume rm` and `podman volume inspect` commands can now refer to volumes by an unambiguous partial name, in addition to full name (e.g. `podman volume rm myvol` to remove a volume named `myvolume`) (#3891)
- `podman run` and `podman create` commands now support the `--pull` flag to allow forced re-pulling of images (#3734)
- `--volume`, `--mount`, and `--tmpfs` now allows the `suid`, `dev`, and `exec` mount options (the inverse of `nosuid`, `nodev`, `noexec`) (#3819)
- `podman push` command now supports the `--digestfile` option to save a file containing the pushed digest
- `podman pod create --hostname` or providing Pod YAML with a hostname set to `podman play kube` (#3732)
- `podman image sign` command now supports the `--cert-dir` flag
- `podman run` and `podman create` commands now support the `--security-opt label=filetype:$LABEL` flag to set the SELinux label for container files
- `podman pull` would panic if a Varlink connection was not available (#4013)
- `podman exec` would not properly set terminal size when creating a new exec session (#3903)
- `podman exec` would not clean up socket symlinks on the host (#3962)
- `podman prune -a` would attempt to prune images used by Buildah and CRI-O, causing errors (#3983)
- `~/.config` directory could cause rootless Podman to use an incorrect directory for storing some files
- `podman import` threw errors
- `podman volume create` would not copy the contents of their mountpoint the first time they were mounted into a container (#3945)
- `podman exec` when the container was not run inside a CGroup owned by the user (#3937)
- `podman play kube` would panic when given Pod YAML without a `securityContext` (#3956)
- `storage.conf` configuration items were set to the empty string (#3952)
- `podman build` did not correctly inherit Podman's CGroup configuration, causing crashes on CGroups V2 systems (#3938)
- `podman cp` would improperly copy files on the host when copying a symlink in the container that included a glob operator (#3829)
- `podman run --rm` would exit before the container was completely removed, allowing race conditions when removing container resources (#3870)
- `/etc/subuid` and `/etc/subgid` after a container was launched
- `--device` flag (#3905)
- `commit` Varlink API would segfault if provided incorrect arguments (#3897)
- `podman remote cp` crashed instead of reporting it was not yet supported (#3861)
- `podman exec` would run as the wrong user when execing into a container was started from an image with Dockerfile `USER` (or a user specified via `podman run --user`) (#3838)
- `oci:` transport would be improperly named
- `podman varlink` would hang when managed by systemd due to SD_NOTIFY support conflicting with Varlink (#3572)
- `podman system renumber` after upgrading.
- `podman pause` or `podman stats` on a rootless container on a system without CGroups V2 enabled
- `TMPDIR` has been set to `/var/tmp` by default to better handle large temporary files
- `podman wait` has been optimized to detect stopped containers more rapidly
- `ContainerManager` annotation indicating they were created by `libpod`
- `podman info` command now includes information about `slirp4netns` and `fuse-overlayfs` if they are available
- `podman volume inspect` has been more closely matched to `docker volume inspect`

Published by mheon about 5 years ago
- `podman run` and `podman create` did not honor the `--authfile` option (#3730)
- `podman container restore --import` would incorrectly duplicate the Conmon PID file of the original container
- `podman build` ignored the default OCI runtime configured in `libpod.conf`
- `podman run --rm` (or force-removing any running container with `podman rm --force`) were not retrieving the correct exit code (#3795)
- `podman inspect` and `podman commit` would not use the correct `CMD` for containers run with `podman play kube`
- `podman events` command with the `--since` or `--until` options could take a very long time to complete

Published by mheon about 5 years ago
- `--userns=container:$ID`, or a user namespace at an arbitrary path with `--userns=ns:$PATH`
- `newuidmap` and `newgidmap` executables) by passing `--storage-opt ignore_chown_errors`
- `podman generate kube` command now produces YAML for any bind mounts the container has created (#2303)
- `podman container restore` command now features a new flag, `--ignore-static-ip`, that can be used with `--import` to import a single container with a static IP multiple times on the same host
- `podman events` to output JSON by specifying `--format=json`
- `conmon` binary cannot be found at the paths specified in `libpod.conf`, Podman will now also search for them in the calling user's path
- `podman import` with URLs (#3609)
- `podman ps` command now supports filtering names using regular expressions (#3394)
- `--privileged` set will now mount in all host devices that the user can access
- `podman create` and `podman run` commands now support the `--env-host` flag to forward all environment variables from the host into the container
- `HostConfig` portion of the output of `podman inspect` on containers has been improved and synced with Docker
- `--cgroupns=private` to `podman run` or `podman create`
- `podman create` and `podman run` commands now support the `--ulimit=host` flag, which uses any ulimits currently set on the host for the container
- `podman rm` and `podman rmi` commands now use different exit codes to indicate 'no such container' and 'container is running' errors
- `crun` OCI runtime has been greatly improved, allowing resource limits to be set for rootless containers when the CGroups V2 hierarchy is in use
- `podman restart` to fail to start containers with ports
- `podman search` would return at most 25 results, even when the maximum number of results was set higher
- `podman play kube` would not honor capabilities set in imported YAML (#3689)
- `podman run --env`, when passed a single key (to use the value from the host), would set the environment variable in the container even if it was not set on the host (#3648)
- `podman commit --changes` would not properly set environment variables
- `podman volume rm` could remove arbitrary volumes if given an ambiguous name (#3635)
- `podman exec` invocations leaked memory by not cleaning up files in tmpfs
- `--dns` and `--net=container` flags to `podman run` and `podman create` were not mutually exclusive (#3553)
- `cgroupfs` CGroup driver
- `HEALTHCHECK CMD` format were not properly supported (#3507)
- `podman run` did not use authorization credentials when a custom path was specified (#3524)
- `podman container checkpoint` did not properly set their finished time
- `podman inspect` on any container not created with `podman run` or `podman create` (for example, pod infra containers) would result in a segfault (#3500)
- `podman create` and `podman run` were incorrectly named (#3455)
- `more` was not correctly specified
- `--mount` flag to `podman create` and `podman run` did not allow boolean arguments for its `ro` and `rw` options (#2980)
- `ENTRYPOINT` to `CMD` during `podman commit` (and when reporting `CMD` in `podman inspect`) (#3708)
- `podman events` with the `journald` events backend would incorrectly print 6 previous events when only new events were requested (#3616)
- `podman port` would exit prematurely when a port number was specified (#3747)
- `.` as an argument to the `--dns-search` flag to `podman create` and `podman run` was not properly clearing DNS search domains in the container
- `podman info` command now displays the events logger being in use
- `podman inspect` command on containers now includes the ID of the pod a container has joined and the PID of the container's conmon process
- `-v` short flag for `podman --version` has been re-added
- `podman pull` should be significantly clearer
- `podman exec` command is now available in the remote client

Published by mheon over 5 years ago
- `sudo -E` would not work after running rootless Podman at least once
- `tmpfs` volumes added with the `--tmpfs` flag were being ignored

Published by mheon over 5 years ago
- `--runtime` and will always use that runtime
- `cached` and `delegated` options for volume mounts are now allowed for Docker compatibility (#3340)
- `podman diff` command now supports the `--latest` flag
- `podman cp` on a single file would create a directory at the target and place the file in it (#3384)
- `podman inspect --format '{{.Mounts}}'` would print a hexadecimal address instead of a container's mounts
- `/etc/hosts` files for their own hostname (#3405)
- `podman ps --sync` would segfault (#3411)
- `podman generate kube` would produce an invalid ports configuration (#3408)
- `--cgroup-manager` flag to `podman` now shows the correct default setting in help if the default was overridden by `libpod.conf`
- `--log-driver=json-file` in `podman run` is now supported as an alias for `--log-driver=k8s-file`. This is considered deprecated, and `json-file` will be moved to a new implementation in the future (#3363)
- `libpod.conf` file now allows the crun OCI runtime to be used if it is installed

Published by mheon over 5 years ago
- `RUN` instructions
- `podman kill` on containers that are not running has been improved

Published by mheon over 5 years ago
- `podman exec` command now sets its error code differently based on whether the container does not exist, and the command in the container does not exist
- `podman inspect` command on containers now outputs Mounts JSON that matches that of `docker inspect`, only including user-specified volumes and differentiating bind mounts and named volumes
- `podman inspect` command now reports the path to a container's OCI spec with the `OCIConfigPath` key (only included when the container is initialized or running)
- `podman run --mount` command now supports the `bind-nonrecursive` option for bind mounts (#3314)
- `podman play kube` would fail to create containers due to an unspecified log driver
- `slirp4netns` networking in an environment with no nameservers on the host other than localhost would result in nonfunctional networking (#3277)
- `podman import` would not properly set environment variables, discarding their values and retaining only keys

Published by mheon over 5 years ago
- `podman checkpoint` and `podman restore` commands can now be used to migrate containers between Podman installations on different systems (#1618)
- `podman cp` command now supports a `pause` flag to pause containers while copying into them
- `podman cp` command improperly dereferenced symlinks in host context
- `podman commit` could improperly set environment variables that contained `=` characters (#3132)
- `podman version` on the remote client could segfault (#3145)
- `podman container runlabel` would use `/proc/self/exe` instead of the path of the Podman command when printing the command being executed
- `podman generate kube` did not work with containers with named volumes
- `permission denied` errors accessing `conmon.pid` (#3187)
- `podman cp` with a folder specified as target would replace the folder, as opposed to copying into it (#3184)
- `tmpcopyup` on `/dev/` mounts, causing errors when using the Kata containers runtime (#3229)
- `podman exec` would fail on older kernels (#2968)
- `podman commit` command is now usable with the Podman remote client
- `--signature-policy` flag (used with several image-related commands) has been deprecated
- `podman unshare` command now defines two environment variables in the spawned shell: `CONTAINERS_RUNROOT` and `CONTAINERS_GRAPHROOT`, pointing to temporary and permanent storage for rootless containers
- `podman cp` command is now aliased as `podman container cp`
- `init_path` using root Podman's configuration files (`/etc/containers/libpod.conf` and `/usr/share/containers/libpod.conf`) if not overridden in the rootless configuration

Published by mheon over 5 years ago
- `podman cp` command can now read input redirected to `STDIN`, and output to `STDOUT` instead of a file, using `-` instead of an argument.
- `podman version`
- `podman unshare` command has been added, allowing easy entry into the user namespace set up by rootless Podman (allowing the removal of files created by rootless Podman, among other things)
- `--rm` flag were removing created volumes when they were automatically removed (#3071)
- `cgroupfs` CGroup driver would encounter a race condition during removal, potentially failing to remove the pod CGroup
- `podman container checkpoint` and `podman container restore` commands were not visible in the remote client
- `podman remote ps --ns` would not print the container's namespaces (#2938)
- `libpod.conf` file was causing parsing errors (#3095)