podman

Podman: A tool for managing OCI containers and pods.

APACHE-2.0 License

Downloads: 73 | Stars: 21.6K | Committers: 676

podman - v1.7.0

Published by mheon almost 5 years ago

Features

  • Added support for setting a static MAC address for containers
  • Added support for creating macvlan networks with podman network create, allowing Podman containers to be attached directly to networks the host is connected to
  • The podman image prune and podman container prune commands now support the --filter flag to filter what will be pruned, and now prompt for confirmation when run without --force (#4410 and #4411)
  • Podman now creates CGroup namespaces by default on systems using CGroups v2 (#4363)
  • Added the podman system reset command to remove all Podman files and perform a factory reset of the Podman installation
  • Added the --history flag to podman images to display previous names used by images (#4566)
  • Added the --ignore flag to podman rm and podman stop to not error when requested containers no longer exist
  • Added the --cidfile flag to podman rm and podman stop to read the IDs of containers to be removed or stopped from a file
  • The podman play kube command now honors Seccomp annotations (#3111)
  • The podman play kube command now honors RunAsUser, RunAsGroup, and selinuxOptions
  • The output format of the podman version command has been changed to better match docker version when using the --format flag
  • Rootless Podman will no longer initialize containers/storage twice, removing a potential deadlock preventing Podman commands from running while an image was being pulled (#4591)
  • Added tmpcopyup and notmpcopyup options to the --tmpfs and --mount type=tmpfs flags to podman create and podman run to control whether the content of directories is copied into tmpfs filesystems mounted over them
  • Added support for disabling detaching from containers by setting empty detach keys via --detach-keys=""
  • The podman build command now supports the --pull and --pull-never flags to control when images are pulled during a build
  • The podman ps -p command now shows the name of the pod as well as its ID (#4703)
  • The podman inspect command on containers will now display the command used to create the container
  • The podman info command now displays information on registry mirrors (#4553)

Bugfixes

  • Fixed a bug where Podman would use an incorrect runtime directory as root, causing state to be deleted after root logged out and making Podman in systemd services not function properly
  • Fixed a bug where the --change flag to podman import and podman commit was not being parsed properly in many cases
  • Fixed a bug where detach keys specified in libpod.conf were not used by the podman attach and podman exec commands, which always used the global default ctrl-p,ctrl-q key combination (#4556)
  • Fixed a bug where rootless Podman was not able to run podman pod stats even on CGroups v2 enabled systems (#4634)
  • Fixed a bug where rootless Podman would fail on kernels without the renameat2 syscall (#4570)
  • Fixed a bug where containers with chained network namespace dependencies (i.e., container A using --net container=B and container B using --net container=C) would not properly mount /etc/hosts and /etc/resolv.conf into the container (#4626)
  • Fixed a bug where podman run with the --rm flag and without -d could, when run in the background, throw a 'container does not exist' error when attempting to remove the container after it exited
  • Fixed a bug where named volume locks were not properly reacquired after a reboot, potentially leading to deadlocks when trying to start containers using the volume (#4605 and #4621)
  • Fixed a bug where Podman could not completely remove containers if sent SIGKILL during removal, leaving the container name unusable without the podman rm --storage command to complete removal (#3906)
  • Fixed a bug where checkpointing containers started with --rm was allowed when --export was not specified (the container, and checkpoint, would be removed after checkpointing was complete by --rm) (#3774)
  • Fixed a bug where the podman pod prune command would fail if containers were present in the pods and the --force flag was not passed (#4346)
  • Fixed a bug where containers could not set a static IP or static MAC address if they joined a non-default CNI network (#4500)
  • Fixed a bug where podman system renumber would always throw an error if a container was mounted when it was run
  • Fixed a bug where podman container restore would fail with containers using a user namespace
  • Fixed a bug where rootless Podman would attempt to use the journald events backend even on systems without systemd installed
  • Fixed a bug where podman history would sometimes not properly identify the IDs of layers in an image (#3359)
  • Fixed a bug where containers could not be restarted when Conmon v2.0.3 or later was used
  • Fixed a bug where Podman did not check image OS and Architecture against the host when starting a container
  • Fixed a bug where containers in pods did not function properly with the Kata OCI runtime (#4353)
  • Fixed a bug where podman info --format '{{ json . }}' would not produce JSON output (#4391)
  • Fixed a bug where Podman would not verify if files passed to --authfile existed (#4328)
  • Fixed a bug where podman images --digest would not always print digests when they were available
  • Fixed a bug where rootless podman run could hang due to a race with reading and writing events
  • Fixed a bug where rootless Podman would print warning-level logs despite not being instructed to do so (#4456)
  • Fixed a bug where podman pull would attempt to fetch from remote registries when pulling an unqualified image using the docker-daemon transport (#4434)
  • Fixed a bug where podman cp would not work if STDIN was a pipe
  • Fixed a bug where podman exec could stop accepting input if anything was typed between the command being run and the exec session starting (#4397)
  • Fixed a bug where podman logs --tail 0 would print all lines of a container's logs, instead of no lines (#4396)
  • Fixed a bug where the timeout for slirp4netns was incorrectly set, resulting in an extremely long timeout (#4344)
  • Fixed a bug where the podman stats command would print CPU utilization figures incorrectly (#4409)
  • Fixed a bug where the podman inspect --size command would not print the size of the container's read/write layer if the size was 0 (#4744)
  • Fixed a bug where the podman kill command was not properly validating signals before use (#4746)
  • Fixed a bug where the --quiet and --format flags to podman ps could not be used at the same time
  • Fixed a bug where the podman stop command was not stopping exec sessions when a container was created without a PID namespace (--pid=host)
  • Fixed a bug where the podman pod rm --force command was not removing anonymous volumes for containers that were removed
  • Fixed a bug where the podman checkpoint command would not export all changes to the root filesystem of the container if performed more than once on the same container (#4606)
  • Fixed a bug where containers started with --rm would not be automatically removed on being stopped if an exec session was running inside the container (#4666)

Misc

  • The fixes to runtime directory path as root can cause strange behavior if an upgrade is performed while containers are running
  • Updated vendored Buildah to v1.12.0
  • Updated vendored containers/storage library to v1.15.4
  • Updated vendored containers/image library to v5.1.0
  • Kata Containers runtimes (kata-runtime, kata-qemu, and kata-fc) are now present in the default libpod.conf, but will not be available unless Kata containers is installed on the system
  • Podman previously did not allow the creation of containers with a memory limit lower than 4MB. This restriction has been removed, as the crun runtime can create containers with significantly less memory

podman - v1.6.4

Published by mheon almost 5 years ago

This release includes backports for the v1.6 stable branch of Podman.

Changes

  • Remove winsz FIFO on container restart to allow use with Conmon 2.03 and higher
  • Ensure volumes reacquire locks on system restart, preventing deadlocks when starting containers
  • Suppress spurious log messages when running rootless Podman
  • Update vendored containers/storage to v1.13.6
  • Fix a deadlock related to writing events
  • Do not use the journald event logger when it is not available

podman - v1.7.0-RC1

Published by mheon almost 5 years ago

This is the first release candidate for the v1.7.0 release of Podman. Preliminary release notes:

Features

  • Added support for setting a static MAC address for containers
  • Added support for creating macvlan networks with podman network create, allowing Podman containers to be attached directly to networks the host is connected to
  • The podman image prune and podman container prune commands now support the --filter flag to filter what will be pruned, and now prompt for confirmation when run without --force (#4410 and #4411)
  • Podman now creates CGroup namespaces by default on systems using CGroups v2 (#4363)
  • Added the podman system reset command to remove all Podman files and perform a factory reset of the Podman installation
  • Added the --history flag to podman images to display previous names used by images (#4566)
  • Added the --ignore flag to podman rm and podman stop to not error when requested containers no longer exist
  • Added the --cidfile flag to podman rm and podman stop to read the IDs of containers to be removed or stopped from a file
  • The podman play kube command now honors Seccomp annotations (#3111)
  • The podman play kube command now honors RunAsUser, RunAsGroup, and selinuxOptions
  • The output format of the podman version command has been changed to better match docker version when using the --format flag
  • Rootless Podman will no longer initialize containers/storage twice, removing a potential deadlock preventing Podman commands from running while an image was being pulled ([#4591](https://github.com/containers/libpod/issues/4591))
  • Added tmpcopyup and notmpcopyup options to the --tmpfs and --mount type=tmpfs flags to podman create and podman run to control whether the content of directories is copied into tmpfs filesystems mounted over them
  • Added support for disabling detaching from containers by setting empty detach keys via --detach-keys=""
  • The podman build command now supports the --pull and --pull-never flags to control when images are pulled during a build

Bugfixes

  • Fixed a bug where Podman would use an incorrect runtime directory as root, causing state to be deleted after root logged out and making Podman in systemd services not function properly
  • Fixed a bug where the --change flag to podman import and podman commit was not being parsed properly in many cases
  • Fixed a bug where detach keys specified in libpod.conf were not used by the podman attach and podman exec commands, which always used the global default ctrl-p,ctrl-q key combination (#4556)
  • Fixed a bug where rootless Podman was not able to run podman pod stats even on CGroups v2 enabled systems (#4634)
  • Fixed a bug where rootless Podman would fail on kernels without the renameat2 syscall (#4570)
  • Fixed a bug where containers with chained network namespace dependencies (i.e., container A using --net container=B and container B using --net container=C) would not properly mount /etc/hosts and /etc/resolv.conf into the container (#4626)
  • Fixed a bug where podman run with the --rm flag and without -d could, when run in the background, throw a 'container does not exist' error when attempting to remove the container after it exited
  • Fixed a bug where named volume locks were not properly reacquired after a reboot, potentially leading to deadlocks when trying to start containers using the volume ([#4605](https://github.com/containers/libpod/issues/4605) and #4621)
  • Fixed a bug where Podman could not completely remove containers if sent SIGKILL during removal, leaving the container name unusable without the podman rm --storage command to complete removal (#3906)
  • Fixed a bug where checkpointing containers started with --rm was allowed when --export was not specified (the container, and checkpoint, would be removed after checkpointing was complete by --rm) (#3774)
  • Fixed a bug where the podman pod prune command would fail if containers were present in the pods and the --force flag was not passed ([#4346](https://github.com/containers/libpod/issues/4346))
  • Fixed a bug where containers could not set a static IP or static MAC address if they joined a non-default CNI network (#4500)
  • Fixed a bug where podman system renumber would always throw an error if a container was mounted when it was run
  • Fixed a bug where podman container restore would fail with containers using a user namespace
  • Fixed a bug where rootless Podman would attempt to use the journald events backend even on systems without systemd installed
  • Fixed a bug where podman history would sometimes not properly identify the IDs of layers in an image (#3359)
  • Fixed a bug where containers could not be restarted when Conmon v2.0.3 or later was used
  • Fixed a bug where Podman did not check image OS and Architecture against the host when starting a container
  • Fixed a bug where containers in pods did not function properly with the Kata OCI runtime (#4353)
  • Fixed a bug where podman info --format '{{ json . }}' would not produce JSON output (#4391)
  • Fixed a bug where Podman would not verify if files passed to --authfile existed (#4328)
  • Fixed a bug where podman images --digest would not always print digests when they were available
  • Fixed a bug where rootless podman run could hang due to a race with reading and writing events
  • Fixed a bug where rootless Podman would print warning-level logs despite not being instructed to do so (#4456)
  • Fixed a bug where podman pull would attempt to fetch from remote registries when pulling an unqualified image using the docker-daemon transport ([#4434](https://github.com/containers/libpod/issues/4434))
  • Fixed a bug where podman cp would not work if STDIN was a pipe
  • Fixed a bug where podman exec could stop accepting input if anything was typed between the command being run and the exec session starting ([#4397](https://github.com/containers/libpod/issues/4397))
  • Fixed a bug where podman logs --tail 0 would print all lines of a container's logs, instead of no lines (#4396)
  • Fixed a bug where the timeout for slirp4netns was incorrectly set, resulting in an extremely long timeout (#4344)
  • Fixed a bug where the podman stats command would print CPU utilization figures incorrectly (#4409)

Misc

  • The fixes to runtime directory path as root can cause strange behavior if an upgrade is performed while containers are running
  • Updated vendored Buildah to v1.11.6
  • Updated vendored containers/storage library to v1.15.3
  • Kata Containers runtimes (kata-runtime, kata-qemu, and kata-fc) are now present in the default libpod.conf, but will not be available unless Kata containers is installed on the system

podman - v1.6.3-RC1

Published by mheon almost 5 years ago

First release candidate of the v1.6.3 release

podman - v1.6.3

Published by mheon almost 5 years ago

Features

  • Handling of the libpod.conf configuration file has seen major changes. Most significantly, rootless users will no longer automatically receive a complete configuration file when they first use Podman, and will instead only receive differences from the global configuration.
  • Initial support for the CNI DNS plugin, which allows containers to resolve the IPs of other containers via DNS name, has been added
  • Podman now supports anonymous named volumes, created by specifying only a destination to the -v flag to the podman create and podman run commands
  • Named volumes now support uid and gid options in --opt o=... to set UID and GID of the created volume

Bugfixes

  • Fixed a bug where the podman start command would print container ID, instead of name, when starting containers given their name
  • Fixed a bug where named volumes with options did not properly detect issues with mounting the volume, leading to an inconsistent state (#4303)
  • Fixed a bug where incorrect Seccomp profiles were used in containers generated by podman play kube
  • Fixed a bug where processes started by podman exec would have the wrong SELinux label in some circumstances (#4361)
  • Fixed a bug where error messages from slirp4netns would be lost
  • Fixed a bug where podman run --network=$NAME would not throw an error in rootless Podman, where CNI networks are not supported
  • Fixed a bug where podman network create would throw confusing errors when trying to create a volume with a name that already exists
  • Fixed a bug where Podman would not error if the systemd CGroup manager was specified, but systemd could not be contacted over DBus
  • Fixed a bug where image volumes were mounted noexec (#4318)
  • Fixed a bug where the podman stats command required the name of a container to be given, instead of showing all containers when no container was specified (#4274)
  • Fixed a bug where the podman volume inspect command would not show the options that named volumes were created with
  • Fixed a bug where custom storage configuration was not written to storage.conf at time of first creation for rootless Podman (#2659)
  • Fixed a bug where remote Podman did not support shell redirection of container output

Misc

  • Updated vendored containers/image library to v5.0
  • Initial support for images using manifest lists has been added, though commands for directly interacting with manifests are still missing
  • Support for pushing to and pulling from OSTree has been removed due to deprecation in the containers/image library
  • Rootless Podman no longer enables linger on systems with systemd as init by default. As such, containers will now be killed when the user who ran them logs out, unless linger is explicitly enabled using loginctl
  • Podman will now check the version of conmon that is in use to ensure it is sufficient

podman - v1.6.2

Published by mheon almost 5 years ago

Features

  • Added a --runtime flag to podman system migrate to allow the OCI runtime for all containers to be reset, to ease transition to the crun runtime on CGroups V2 systems until runc gains full support
  • The podman rm command can now remove containers in broken states which previously could not be removed
  • The podman info command, when run without root, now shows information on UID and GID mappings in the rootless user namespace
  • Added podman build --squash-all flag, which squashes all layers (including those of the base image) into one layer
  • The --systemd flag to podman run and podman create now accepts a string argument and allows a new value, always, which forces systemd support without checking if the container entrypoint is systemd

Bugfixes

  • Fixed a bug where the podman top command did not work on systems using CGroups V2 (#4192)
  • Fixed a bug where rootless Podman could double-close a file, leading to a panic
  • Fixed a bug where rootless Podman could fail to retrieve some containers while refreshing the state
  • Fixed a bug where podman start --attach --sig-proxy=false would still proxy signals into the container
  • Fixed a bug where Podman would unconditionally use a non-default path for authentication credentials (auth.json), breaking podman login integration with skopeo and other tools using the containers/image library
  • Fixed a bug where podman ps --format=json and podman images --format=json would display null when no results were returned, instead of valid JSON
  • Fixed a bug where podman build --squash was incorrectly squashing all layers into one, instead of only new layers
  • Fixed a bug where rootless Podman would allow volumes with options to be mounted (mounting volumes requires root), creating an inconsistent state where volumes were reported as mounted but were not (#4248)
  • Fixed a bug where volumes which failed to unmount could not be removed (#4247)
  • Fixed a bug where Podman incorrectly handled some errors relating to unmounted or missing containers in containers/storage
  • Fixed a bug where podman stats was broken on systems running CGroups V2 when run rootless (#4268)
  • Fixed a bug where the podman start command would print the short container ID, instead of the full ID
  • Fixed a bug where containers created with an OCI runtime that is no longer available (uninstalled or removed from the config file) would not appear in podman ps and could not be removed via podman rm
  • Fixed a bug where containers restored via podman container restore --import would retain the CGroup path of the original container, even if their container ID changed; thus, multiple containers created from the same checkpoint would all share the same CGroup

Misc

  • The default PID limit for containers is now set to 4096. It can be adjusted back to the old default (unlimited) by passing --pids-limit 0 to podman create and podman run
  • The podman start --attach command now automatically attaches STDIN if the container was created with -i
  • The podman network create command now validates network names using the same regular expression as container and pod names
  • The --systemd flag to podman run and podman create will now only enable systemd mode when the binary being run inside the container is /sbin/init, /usr/sbin/init, or ends in systemd (previously detected any path ending in init or systemd)
  • Updated vendored Buildah to 1.11.3
  • Updated vendored containers/storage to 1.13.5
  • Updated vendored containers/image to 4.0.1

podman - v1.6.2-RC1

Published by mheon about 5 years ago

This is the first release candidate for the v1.6.2 release.

Preliminary Changelog

Features

  • Added a --runtime flag to podman system migrate to allow the OCI runtime for all containers to be reset, to ease transition to the crun runtime on CGroups V2 systems until runc gains full support
  • The podman rm command can now remove containers in broken states which previously could not be removed
  • The podman info command, when run without root, now shows information on UID and GID mappings in the rootless user namespace
  • Added podman build --squash-all flag, which squashes all layers (including those of the base image) into one layer
  • The --systemd flag to podman run and podman create now accepts a string argument and allows a new value, always, which forces systemd support without checking if the container entrypoint is systemd

Bugfixes

  • Fixed a bug where the podman top command did not work on systems using CGroups V2 (#4192)
  • Fixed a bug where rootless Podman could double-close a file, leading to a panic
  • Fixed a bug where rootless Podman could fail to retrieve some containers while refreshing the state
  • Fixed a bug where podman start --attach --sig-proxy=false would still proxy signals into the container
  • Fixed a bug where Podman would unconditionally use a non-default path for authentication credentials (auth.json), breaking podman login integration with skopeo and other tools using the containers/image library
  • Fixed a bug where podman ps --format=json and podman images --format=json would display null when no results were returned, instead of valid JSON
  • Fixed a bug where podman build --squash was incorrectly squashing all layers into one, instead of only new layers
  • Fixed a bug where rootless Podman would allow volumes with options to be mounted (mounting volumes requires root), creating an inconsistent state where volumes were reported as mounted but were not (#4248)
  • Fixed a bug where volumes which failed to unmount could not be removed (#4247)
  • Fixed a bug where Podman incorrectly handled some errors relating to unmounted or missing containers in containers/storage
  • Fixed a bug where podman stats was broken on systems running CGroups V2 when run rootless (#4268)
  • Fixed a bug where the podman start command would print the short container ID, instead of the full ID
  • Fixed a bug where containers created with an OCI runtime that is no longer available (uninstalled or removed from the config file) would not appear in podman ps and could not be removed via podman rm

Misc

  • The default PID limit for containers is now set to 4096. It can be adjusted back to the old default (unlimited) by passing --pids-limit 0 to podman create and podman run
  • The podman network create command now validates network names using the same regular expression as container and pod names
  • The --systemd flag to podman run and podman create will now only enable systemd mode when the binary being run inside the container is /sbin/init, /usr/sbin/init, or ends in systemd (previously detected any path ending in init or systemd)
  • Updated vendored Buildah to 1.11.3
  • Updated vendored containers/storage to 1.13.5
  • Updated vendored containers/image to 4.0.1

podman - v1.6.1

Published by mheon about 5 years ago

Bugfixes

  • Fixed a bug where rootless Podman on systems using CGroups V2 would not function with the cgroupfs CGroups manager
  • Fixed a bug where rootless Podman could not correctly identify the DBus session address, causing containers to fail to start (#4162)
  • Fixed a bug where rootless Podman with slirp4netns networking would fail to start containers due to mount leaks

podman - v1.6.1-RC1

Published by mheon about 5 years ago

This is the first release candidate for the v1.6.1 release.

Preliminary changelog:

Bugfixes

  • Fixed a bug where rootless Podman on systems using CGroups V2 would not function with the cgroupfs CGroups manager
  • Fixed a bug where rootless Podman could not correctly identify the DBus session address, causing containers to fail to start (#4162)
  • Fixed a bug where rootless Podman with slirp4netns networking would fail to start containers due to mount leaks

podman - v1.6.0-RC2

Published by mheon about 5 years ago

This is the second release candidate for the final Podman 1.6.0 release

podman - v1.6.0

Published by mheon about 5 years ago

Features

  • The podman network create, podman network rm, podman network inspect, and podman network ls commands have been added to manage CNI networks used by Podman
  • The podman volume create command can now create and mount volumes with options, allowing volumes backed by NFS, tmpfs, and many other filesystems
  • Podman can now run containers without CGroups for better integration with systemd by using the --cgroups=disabled flag with podman create and podman run. This is presently only supported with the crun OCI runtime
  • The podman volume rm and podman volume inspect commands can now refer to volumes by an unambiguous partial name, in addition to full name (e.g. podman volume rm myvol to remove a volume named myvolume) (#3891)
  • The podman run and podman create commands now support the --pull flag to allow forced re-pulling of images (#3734)
  • Mounting volumes into a container using --volume, --mount, and --tmpfs now allows the suid, dev, and exec mount options (the inverse of nosuid, nodev, noexec) (#3819)
  • Mounting volumes into a container using --mount now allows the relabel=Z and relabel=z options to relabel mounts.
  • The podman push command now supports the --digestfile option to save a file containing the pushed digest
  • Pods can now have their hostname set via podman pod create --hostname or providing Pod YAML with a hostname set to podman play kube (#3732)
  • The podman image sign command now supports the --cert-dir flag
  • The podman run and podman create commands now support the --security-opt label=filetype:$LABEL flag to set the SELinux label for container files
  • The remote Podman client now supports healthchecks

Bugfixes

  • Fixed a bug where remote podman pull would panic if a Varlink connection was not available (#4013)
  • Fixed a bug where podman exec would not properly set terminal size when creating a new exec session (#3903)
  • Fixed a bug where podman exec would not clean up socket symlinks on the host (#3962)
  • Fixed a bug where Podman could not run systemd in containers that created a CGroup namespace
  • Fixed a bug where podman prune -a would attempt to prune images used by Buildah and CRI-O, causing errors (#3983)
  • Fixed a bug where improper permissions on the ~/.config directory could cause rootless Podman to use an incorrect directory for storing some files
  • Fixed a bug where the bash completions for podman import threw errors
  • Fixed a bug where Podman volumes created with podman volume create would not copy the contents of their mountpoint the first time they were mounted into a container (#3945)
  • Fixed a bug where rootless Podman could not run podman exec when the container was not run inside a CGroup owned by the user (#3937)
  • Fixed a bug where podman play kube would panic when given Pod YAML without a securityContext (#3956)
  • Fixed a bug where Podman would place files incorrectly when storage.conf configuration items were set to the empty string (#3952)
  • Fixed a bug where podman build did not correctly inherit Podman's CGroup configuration, causing crashes on CGroups V2 systems (#3938)
  • Fixed a bug where podman cp would improperly copy files on the host when copying a symlink in the container that included a glob operator (#3829)
  • Fixed a bug where remote podman run --rm would exit before the container was completely removed, allowing race conditions when removing container resources (#3870)
  • Fixed a bug where rootless Podman would not properly handle changes to /etc/subuid and /etc/subgid after a container was launched
  • Fixed a bug where rootless Podman could not include some devices in a container using the --device flag (#3905)
  • Fixed a bug where the commit Varlink API would segfault if provided incorrect arguments (#3897)
  • Fixed a bug where temporary files were not properly cleaned up after a build using remote Podman (#3869)
  • Fixed a bug where podman remote cp crashed instead of reporting it was not yet supported (#3861)
  • Fixed a bug where podman exec would run as the wrong user when execing into a container that was started from an image with Dockerfile USER (or a user specified via podman run --user) (#3838)
  • Fixed a bug where images pulled using the oci: transport would be improperly named
  • Fixed a bug where podman varlink would hang when managed by systemd due to SD_NOTIFY support conflicting with Varlink (#3572)
  • Fixed a bug where mounts to the same destination would sometimes not trigger a conflict, causing a race as to which was actually mounted
  • Fixed a bug where podman exec --preserve-fds caused Podman to hang (#4020)
  • Fixed a bug where removing a container that was unmounted might sometimes not properly clean up the container (#4033)
  • Fixed a bug where the Varlink server would freeze when run in a systemd unit file (#4005)
  • Fixed a bug where Podman would not properly set the $HOME environment variable when the OCI runtime did not set it
  • Fixed a bug where rootless Podman would incorrectly print warning messages when an OCI runtime was not found (#4012)
  • Fixed a bug where named volumes would conflict with, instead of overriding, tmpfs filesystems added by the --read-only-tmpfs flag to podman create and podman run
  • Fixed a bug where podman cp would incorrectly make the target directory when copying to a symlink which pointed to a nonexistent directory (#3894)
  • Fixed a bug where remote Podman would incorrectly read STDIN when the -i flag was not set (#4095)
  • Fixed a bug where podman play kube would create an empty pod when given an unsupported YAML type (#4093)
  • Fixed a bug where podman import --change improperly parsed CMD (#4000)

Misc

  • Significant changes were made to Podman volumes in this release. If you have pre-existing volumes, it is strongly recommended to run podman system renumber after upgrading.
  • Version 0.8.1 or greater of the CNI Plugins is now required for Podman
  • Version 2.0.1 or greater of Conmon is strongly recommended
  • Updated vendored Buildah to v1.11.2
  • Updated vendored containers/storage library to v1.13.4
  • Improved error messages when trying to create a pod with no name via podman play kube
  • Improved error messages when trying to run podman pause or podman stats on a rootless container on a system without CGroups V2 enabled
  • TMPDIR has been set to /var/tmp by default to better handle large temporary files
  • podman wait has been optimized to detect stopped containers more rapidly
  • Podman containers now include a ContainerManager annotation indicating they were created by libpod
  • The podman info command now includes information about slirp4netns and fuse-overlayfs if they are available
  • Podman no longer sets a default size of 65kb for tmpfs filesystems
  • The default Podman CNI network has been renamed in an attempt to prevent conflicts with CRI-O when both are run on the same system. This should only take effect on system restart
  • The output of podman volume inspect has been more closely matched to docker volume inspect

podman - v1.6.0-rc1

Published by mheon about 5 years ago

This is the first release candidate for v1.6.0. Preliminary release notes follow:

Features

  • The podman network create, podman network rm, podman network inspect, and podman network ls commands have been added to manage CNI networks used by Podman
  • The podman volume create command can now create and mount volumes with options, allowing volumes backed by NFS, tmpfs, and many other filesystems
  • Podman can now run containers without CGroups for better integration with systemd by using the --cgroups=disabled flag with podman create and podman run. This is presently only supported with the crun OCI runtime
  • The podman volume rm and podman volume inspect commands can now refer to volumes by an unambiguous partial name, in addition to full name (e.g. podman volume rm myvol to remove a volume named myvolume) (#3891)
  • The podman run and podman create commands now support the --pull flag to allow forced re-pulling of images (#3734)
  • Mounting volumes into a container using --volume, --mount, and --tmpfs now allows the suid, dev, and exec mount options (the inverse of nosuid, nodev, noexec) (#3819)
  • The podman push command now supports the --digestfile option to save a file containing the pushed digest
  • Pods can now have their hostname set via podman pod create --hostname or providing Pod YAML with a hostname set to podman play kube (#3732)
  • The podman image sign command now supports the --cert-dir flag
  • The podman run and podman create commands now support the --security-opt label=filetype:$LABEL flag to set the SELinux label for container files
  • The remote Podman client now supports healthchecks

Bugfixes

  • Fixed a bug where remote podman pull would panic if a Varlink connection was not available (#4013)
  • Fixed a bug where podman exec would not properly set terminal size when creating a new exec session (#3903)
  • Fixed a bug where podman exec would not clean up socket symlinks on the host (#3962)
  • Fixed a bug where Podman could not run systemd in containers that created a CGroup namespace
  • Fixed a bug where podman prune -a would attempt to prune images used by Buildah and CRI-O, causing errors (#3983)
  • Fixed a bug where improper permissions on the ~/.config directory could cause rootless Podman to use an incorrect directory for storing some files
  • Fixed a bug where the bash completions for podman import threw errors
  • Fixed a bug where Podman volumes created with podman volume create would not copy the contents of their mountpoint the first time they were mounted into a container (#3945)
  • Fixed a bug where rootless Podman could not run podman exec when the container was not run inside a CGroup owned by the user (#3937)
  • Fixed a bug where podman play kube would panic when given Pod YAML without a securityContext (#3956)
  • Fixed a bug where Podman would place files incorrectly when storage.conf configuration items were set to the empty string (#3952)
  • Fixed a bug where podman build did not correctly inherit Podman's CGroup configuration, causing crashes on CGroups V2 systems (#3938)
  • Fixed a bug where podman cp would improperly copy files on the host when copying a symlink in the container that included a glob operator (#3829)
  • Fixed a bug where remote podman run --rm would exit before the container was completely removed, allowing race conditions when removing container resources (#3870)
  • Fixed a bug where rootless Podman would not properly handle changes to /etc/subuid and /etc/subgid after a container was launched
  • Fixed a bug where rootless Podman could not include some devices in a container using the --device flag (#3905)
  • Fixed a bug where the commit Varlink API would segfault if provided incorrect arguments (#3897)
  • Fixed a bug where temporary files were not properly cleaned up after a build using remote Podman (#3869)
  • Fixed a bug where podman remote cp crashed instead of reporting it was not yet supported (#3861)
  • Fixed a bug where podman exec would run as the wrong user when execing into a container that was started from an image with Dockerfile USER (or a user specified via podman run --user) (#3838)
  • Fixed a bug where images pulled using the oci: transport would be improperly named
  • Fixed a bug where podman varlink would hang when managed by systemd due to SD_NOTIFY support conflicting with Varlink (#3572)

Misc

  • Significant changes were made to Podman volumes in this release. If you have pre-existing volumes, it is strongly recommended to run podman system renumber after upgrading.
  • Version 0.8.1 or greater of the CNI Plugins is now required for Podman
  • Version 2.0.1 or greater of Conmon is strongly recommended
  • Updated vendored Buildah to v1.11.2
  • Improved error messages when trying to run podman pause or podman stats on a rootless container on a system without CGroups V2 enabled
  • TMPDIR has been set to /var/tmp by default to better handle large temporary files
  • podman wait has been optimized to detect stopped containers more rapidly
  • Podman containers now include a ContainerManager annotation indicating they were created by libpod
  • The podman info command now includes information about slirp4netns and fuse-overlayfs if they are available
  • Podman no longer sets a default size of 65kb for tmpfs filesystems
  • The default Podman CNI network has been renamed in an attempt to prevent conflicts with CRI-O when both are run on the same system. This should only take effect on system restart
  • The output of podman volume inspect has been more closely matched to docker volume inspect

podman - v1.5.1

Published by mheon about 5 years ago

Features

  • The hostname of pods is now set to the pod's name

Bugfixes

  • Fixed a bug where podman run and podman create did not honor the --authfile option (#3730)
  • Fixed a bug where containers restored with podman container restore --import would incorrectly duplicate the Conmon PID file of the original container
  • Fixed a bug where podman build ignored the default OCI runtime configured in libpod.conf
  • Fixed a bug where podman run --rm (or force-removing any running container with podman rm --force) was not retrieving the correct exit code (#3795)
  • Fixed a bug where Podman would exit with an error if any configured hooks directory was not present
  • Fixed a bug where podman inspect and podman commit would not use the correct CMD for containers run with podman play kube
  • Fixed a bug creating pods when using rootless Podman and CGroups V2 (#3801)
  • Fixed a bug where the podman events command with the --since or --until options could take a very long time to complete

Misc

  • Rootless Podman will now inherit OCI runtime configuration from the root configuration (#3781)
  • Podman now properly sets a user agent while contacting registries (#3788)
  • The podman-v1.5.1.tar.gz file attached is podman packaged for MacOS. It can be installed using Homebrew.

podman - v1.5.0

Published by mheon about 5 years ago

Features

  • Podman containers can now join the user namespaces of other containers with --userns=container:$ID, or a user namespace at an arbitrary path with --userns=ns:$PATH
  • Rootless Podman can experimentally squash all UIDs and GIDs in an image to a single UID and GID (which does not require use of the newuidmap and newgidmap executables) by passing --storage-opt ignore_chown_errors
  • The podman generate kube command now produces YAML for any bind mounts the container has created (#2303)
  • The podman container restore command now features a new flag, --ignore-static-ip, that can be used with --import to import a single container with a static IP multiple times on the same host
  • Added the ability for podman events to output JSON by specifying --format=json
  • If the OCI runtime or conmon binary cannot be found at the paths specified in libpod.conf, Podman will now also search for them in the calling user's path
  • Added the ability to use podman import with URLs (#3609)
  • The podman ps command now supports filtering names using regular expressions (#3394)
  • Rootless Podman containers with --privileged set will now mount in all host devices that the user can access
  • The podman create and podman run commands now support the --env-host flag to forward all environment variables from the host into the container
  • Rootless Podman now supports healthchecks (#3523)
  • The format of the HostConfig portion of the output of podman inspect on containers has been improved and synced with Docker
  • Podman containers now support CGroup namespaces, and can create them by passing --cgroupns=private to podman run or podman create
  • The podman create and podman run commands now support the --ulimit=host flag, which uses any ulimits currently set on the host for the container
  • The podman rm and podman rmi commands now use different exit codes to indicate 'no such container' and 'container is running' errors
  • Support for CGroups V2 through the crun OCI runtime has been greatly improved, allowing resource limits to be set for rootless containers when the CGroups V2 hierarchy is in use

Bugfixes

  • Fixed a bug where a race condition could cause podman restart to fail to start containers with ports
  • Fixed a bug where containers restored from a checkpoint would not properly report the time they were started at
  • Fixed a bug where podman search would return at most 25 results, even when the maximum number of results was set higher
  • Fixed a bug where podman play kube would not honor capabilities set in imported YAML (#3689)
  • Fixed a bug where podman run --env, when passed a single key (to use the value from the host), would set the environment variable in the container even if it was not set on the host (#3648)
  • Fixed a bug where podman commit --changes would not properly set environment variables
  • Fixed a bug where Podman could segfault while working with images with no history
  • Fixed a bug where podman volume rm could remove arbitrary volumes if given an ambiguous name (#3635)
  • Fixed a bug where podman exec invocations leaked memory by not cleaning up files in tmpfs
  • Fixed a bug where the --dns and --net=container flags to podman run and podman create were not mutually exclusive (#3553)
  • Fixed a bug where rootless Podman would be unable to run containers when less than 5 UIDs were available
  • Fixed a bug where containers in pods could not be removed without removing the entire pod (#3556)
  • Fixed a bug where Podman would not properly clean up all CGroup controllers for created cgroups when using the cgroupfs CGroup driver
  • Fixed a bug where Podman containers did not properly clean up files in tmpfs, resulting in a memory leak as containers stopped
  • Fixed a bug where healthchecks from images would not use default settings for interval, retries, timeout, and start period when they were not provided by the image (#3525)
  • Fixed a bug where healthchecks using the HEALTHCHECK CMD format were not properly supported (#3507)
  • Fixed a bug where volume mounts using relative source paths would not be properly resolved (#3504)
  • Fixed a bug where podman run did not use authorization credentials when a custom path was specified (#3524)
  • Fixed a bug where containers checkpointed with podman container checkpoint did not properly set their finished time
  • Fixed a bug where running podman inspect on any container not created with podman run or podman create (for example, pod infra containers) would result in a segfault (#3500)
  • Fixed a bug where healthcheck flags for podman create and podman run were incorrectly named (#3455)
  • Fixed a bug where Podman commands would fail to find targets if a partial ID was specified that was ambiguous between a container and pod (#3487)
  • Fixed a bug where restored containers would not have the correct SELinux label
  • Fixed a bug where Varlink endpoints were not working properly if more was not correctly specified
  • Fixed a bug where the Varlink PullImage endpoint would crash if an error occurred (#3715)
  • Fixed a bug where the --mount flag to podman create and podman run did not allow boolean arguments for its ro and rw options (#2980)
  • Fixed a bug where pods did not properly share the UTS namespace, resulting in incorrect behavior from some utilities which rely on hostname (#3547)
  • Fixed a bug where Podman would unconditionally append ENTRYPOINT to CMD during podman commit (and when reporting CMD in podman inspect) (#3708)
  • Fixed a bug where podman events with the journald events backend would incorrectly print 6 previous events when only new events were requested (#3616)
  • Fixed a bug where podman port would exit prematurely when a port number was specified (#3747)
  • Fixed a bug where passing . as an argument to the --dns-search flag to podman create and podman run was not properly clearing DNS search domains in the container

Misc

  • Updated vendored Buildah to v1.10.1
  • Updated vendored containers/image to v3.0.2
  • Updated vendored containers/storage to v1.13.1
  • Podman now requires conmon v2.0.0 or higher
  • The podman info command now displays the events logger in use
  • The podman inspect command on containers now includes the ID of the pod a container has joined and the PID of the container's conmon process
  • The -v short flag for podman --version has been re-added
  • Error messages from podman pull should be significantly clearer
  • The podman exec command is now available in the remote client
  • The podman-v1.5.0.tar.gz file attached is podman packaged for MacOS. It can be installed using Homebrew.

podman - v1.4.4

Published by mheon over 5 years ago

Bugfixes

  • Fixed a bug where rootless Podman would attempt to use the entire root configuration if no rootless configuration was present for the user, breaking rootless Podman for new installations
  • Fixed a bug where rootless Podman's pause process would block SIGTERM, preventing graceful system shutdown and hanging until the system's init sent SIGKILL
  • Fixed a bug where running Podman as root with sudo -E would not work after running rootless Podman at least once
  • Fixed a bug where options for tmpfs volumes added with the --tmpfs flag were being ignored
  • Fixed a bug where images with no layers could not properly be displayed and removed by Podman
  • Fixed a bug where locks were not properly freed on failure to create a container or pod

Misc

  • Updated containers/storage to v1.12.13

podman - v1.4.3

Published by mheon over 5 years ago

Features

  • Podman now has greatly improved support for containers using multiple OCI runtimes. Containers now remember if they were created with a different runtime using --runtime and will always use that runtime
  • The cached and delegated options for volume mounts are now allowed for Docker compatibility (#3340)
  • The podman diff command now supports the --latest flag

Bugfixes

  • Fixed a bug where podman cp on a single file would create a directory at the target and place the file in it (#3384)
  • Fixed a bug where podman inspect --format '{{.Mounts}}' would print a hexadecimal address instead of a container's mounts
  • Fixed a bug where rootless Podman would not add an entry to containers' /etc/hosts files for their own hostname (#3405)
  • Fixed a bug where podman ps --sync would segfault (#3411)
  • Fixed a bug where podman generate kube would produce an invalid ports configuration (#3408)

Misc

  • Podman now performs much better on systems with heavy I/O load
  • The --cgroup-manager flag to podman now shows the correct default setting in help if the default was overridden by libpod.conf
  • For backwards compatibility, setting --log-driver=json-file in podman run is now supported as an alias for --log-driver=k8s-file. This is considered deprecated, and json-file will be moved to a new implementation in the future (#3363)
  • Podman's default libpod.conf file now allows the crun OCI runtime to be used if it is installed

podman - v1.4.2

Published by mheon over 5 years ago

Bugfixes

  • Fixed a bug where Podman could not run containers using an older version of Systemd as init (#3295)

Misc

  • Updated vendored Buildah to v1.9.0 to resolve a critical bug with Dockerfile RUN instructions
  • The error message for running podman kill on containers that are not running has been improved
  • The Podman remote client can now log to a file if syslog is not available
  • The MacOS dmg file is experimental, use at your own risk.

podman - v1.4.1

Published by mheon over 5 years ago

Features

  • The podman exec command now sets its error code differently based on whether the container does not exist or the command in the container does not exist
  • The podman inspect command on containers now outputs Mounts JSON that matches that of docker inspect, only including user-specified volumes and differentiating bind mounts and named volumes
  • The podman inspect command now reports the path to a container's OCI spec with the OCIConfigPath key (only included when the container is initialized or running)
  • The podman run --mount command now supports the bind-nonrecursive option for bind mounts (#3314)

Bugfixes

  • Fixed a bug where podman play kube would fail to create containers due to an unspecified log driver
  • Fixed a bug where Podman would fail to build with musl libc (#3284)
  • Fixed a bug where rootless Podman using slirp4netns networking in an environment with no nameservers on the host other than localhost would result in nonfunctional networking (#3277)
  • Fixed a bug where podman import would not properly set environment variables, discarding their values and retaining only keys
  • Fixed a bug where Podman would fail to run when built with Apparmor support but run on systems without the Apparmor kernel module loaded (#3331)

Misc

  • Remote Podman will now default the username it uses to log in to remote systems to the username of the current user
  • Podman now uses JSON logging with OCI runtimes that support it, allowing for better error reporting
  • Updated vendored Buildah to v1.8.4
  • Updated vendored containers/image to v2.0

podman - v1.4.0

Published by mheon over 5 years ago

Features

  • The podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems (#1618)
  • The podman cp command now supports a pause flag to pause containers while copying into them
  • The remote client now supports a configuration file for pre-configuring connections to remote Podman installations

Bugfixes

  • Fixed CVE-2019-10152 - The podman cp command improperly dereferenced symlinks in host context
  • Fixed a bug where podman commit could improperly set environment variables that contained = characters (#3132)
  • Fixed a bug where rootless Podman would sometimes fail to start containers with forwarded ports (#2942)
  • Fixed a bug where podman version on the remote client could segfault (#3145)
  • Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed
  • Fixed a bug where filtering images by label did not work (#3163)
  • Fixed a bug where specifying a bind mount or tmpfs mount over an image volume would cause a container to be unable to start (#3174)
  • Fixed a bug where podman generate kube did not work with containers with named volumes
  • Fixed a bug where rootless Podman would receive permission denied errors accessing conmon.pid (#3187)
  • Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it (#3184)
  • Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash (#3207)
  • Fixed a bug where Podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime (#3229)
  • Fixed a bug where podman exec would fail on older kernels (#2968)

Misc

  • The podman commit command is now usable with the Podman remote client
  • The --signature-policy flag (used with several image-related commands) has been deprecated
  • The podman unshare command now defines two environment variables in the spawned shell: CONTAINERS_RUNROOT and CONTAINERS_GRAPHROOT, pointing to temporary and permanent storage for rootless containers
  • Updated vendored containers/storage and containers/image libraries with numerous bugfixes
  • Updated vendored Buildah to v1.8.3
  • Podman now requires Conmon v0.2.0
  • The podman cp command is now aliased as podman container cp
  • Rootless Podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration

podman - v1.3.1

Published by mheon over 5 years ago

Features

  • The podman cp command can now read input redirected to STDIN, and output to STDOUT instead of a file, using - instead of an argument.
  • The Podman remote client now displays version information from both the client and server in podman version
  • The podman unshare command has been added, allowing easy entry into the user namespace set up by rootless Podman (allowing the removal of files created by rootless Podman, among other things)

Bugfixes

  • Fixed a bug where Podman containers with the --rm flag were removing created volumes when they were automatically removed (#3071)
  • Fixed a bug where container and pod locks were incorrectly marked as released after a system reboot, causing errors on container and pod removal (#2900)
  • Fixed a bug where Podman pods could not be removed if any container in the pod encountered an error during removal (#3088)
  • Fixed a bug where Podman pods run with the cgroupfs CGroup driver would encounter a race condition during removal, potentially failing to remove the pod CGroup
  • Fixed a bug where the podman container checkpoint and podman container restore commands were not visible in the remote client
  • Fixed a bug where podman remote ps --ns would not print the container's namespaces (#2938)
  • Fixed a bug where removing stopped containers with healthchecks could cause an error
  • Fixed a bug where the default libpod.conf file was causing parsing errors (#3095)
  • Fixed a bug where pod locks were not being freed when pods were removed, potentially leading to lock exhaustion
  • Fixed a bug where 'podman run' with SD_NOTIFY set could, on short-running containers, create an inconsistent state rendering the container unusable

Misc

  • The remote Podman client now uses the Varlink bridge to establish remote connections by default
  • The MacOS dmg file is experimental, use at your own risk. But we would like to hear the results.