Features
- Podman now supports Docker Compose v2.2 and higher (#11822). Please note that it may be necessary to disable the use of Buildkit by setting the environment variable
DOCKER_BUILDKIT=0
. - A new container command has been added,
podman container clone
. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so. - A new machine command has been added,
podman machine inspect
. This command provides details on the configuration of machine VMs. - The
podman machine set
command can now change the CPUs, memory, and disk space available to machines after they were initially created, using the new--cpus
,--disk-size
, and--memory
options (#13633). - Podman now supports sending JSON events related to machines to a Unix socket named
machine_events.*\.sock
inXDG_RUNTIME_DIR/podman
or to a socket whose path is set in thePODMAN_MACHINE_EVENTS_SOCK
environment variable. - Two new volume commands have been added,
podman volume mount
andpodman volume unmount
. These allow for Podman-managed named volumes to be mounted and accessed from outside containers (#12768). - VMs created by
podman machine
now automatically mount the host's$HOME
into the VM, to allow mounting volumes from the host into containers. - The
podman container checkpoint
andpodman container restore
options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries. - The
podman play kube
command now supports environment variables that are specified using thefieldRef
andresourceFieldRef
sources. - The
podman play kube
command will now set default resource limits when the provided YAML does not include them (#13115). - The
podman play kube
command now supports a new option,--annotation
, to add annotations to created containers (#12968). - The
podman play kube --build
command now supports a new option,--context-dir
, which allows the user to specify the context directory to use when building the Containerfile (#12485). - The
podman container commit
command now supports a new option,--squash
, which squashes the generated image into a single layer (#12889). - The
podman pod logs
command now supports two new options,--names
, which identifies which container generated a log message by name, instead of ID (#13261) and--color
, which colors messages based on what container generated them (#13266). - The
podman rmi
command now supports a new option,--ignore
, which will ignore errors caused by missing images. - The
podman network create
command now features a new option,--ipam-driver
, to specify details about how IP addresses are assigned to containers in the network (#13521). - The
podman machine list
command now features a new option,--quiet
, to print only the names of configured VMs and no other information. - The
--ipc
option to thepodman create
,podman run
, andpodman pod create
commands now supports three new modes:none
,private
, andshareable
. The default IPC mode is nowshareable
, indicating the the IPC namespace can be shared with other containers (#13265). - The
--mount
option to thepodman create
andpodman run
commands can now set options for created named volumes via thevolume-opt
parameter (#13387). - The
--mount
option to thepodman create
andpodman run
commands now allows parameters to be passed in CSV format (#13922). - The
--userns
option to thepodman create
andpodman run
commands now supports a new option,nomap
, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security. - The
podman import
command now supports three new options,--arch
,--os
, and--variant
, to specify what system the imported image was built for. - The
podman inspect
command now includes information on the network configuration of containers that joined a pre-configured network namespace with the--net ns:
option topodman run
,podman create
, andpodman pod create
. - The
podman run
andpodman create
commands now support a new option,--chrootdirs
, which specifies additional locations where container-specific files managed by Podman (e.g./etc/hosts
, `/etc/resolv.conf, etc) will be mounted inside the container (#12961). - The
podman run
andpodman create
commands now support a new option,--passwd-entry
, allowing entries to be added to the container's/etc/passwd
file. - The
podman images --format
command now accepts two new format directives:{{.CreatedAt}}
and{{.CreatedSince}}
(#14012). - The
podman volume create
command's-o
option now accepts a new argument,o=noquota
, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined (#14049). - The
podman info
command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization (#13876).
Changes
- The
--net=container:
option topodman run
,podman create
, andpodman pod create
now conflicts with the--add-host
option. - As part of a deprecation of the SHA1 hash algorithm within Podman, the algorithm used to generate the filename of the rootless network namespace has been changed. As a result, rootless containers started before updating to Podman 4.1.0 will need to be restarted if they are joined to a network (and not just using
slirp4netns
) to ensure they can connect to containers started the upgrade. - Podman's handling of the
/etc/hosts
file has been rewritten to improve its consistency and handling of edge cases (#12003 and #13224). As part of this, two new options are available incontainers.conf
:base_hosts_file
(to specify a nonstandard location to source the base contents of the container's/etc/hosts
) andhost_containers_internal_ip
(to specify a specific IP address for containers'host.containers.internal
entry to point to). - The output of the
podman image trust show
command now includes information on the transport mechanisms allowed. - Podman now exits cleanly (with exit code 0) after receiving SIGTERM.
- Containers running in systemd mode now set the
container_uuid
environment variable (#13187). - Renaming a container now generates an event readable through
podman events
. - The
--privileged
and--cap-add
flags are no longer mutually exclusive (#13449). - Fixed a bug where the
--mount
option topodman create
andpodman run
could not create anonymous volumes (#13756). - Fixed a bug where Podman containers where the user did not explicitly set an OOM score adjustment would implicitly set a value of 0, instead of not setting one at all (#13731).
- The
podman machine set
command can no longer be used while the VM being updated is running (#13783). - Systemd service files created by
podman generate systemd
are now prettyprinted for increased readability. - The
file
event log driver now automatically rotates the log file, preventing it from growing beyond a set size. - The
--no-trunc
flag topodman search
now defaults tofalse
, to ensure output is not overly verbose.
Bugfixes
- Fixed a bug where Podman could not add devices with a major or minor number over 256 to containers.
- Fixed a bug where containers created by the
podman play kube
command did not record the raw image name used to create containers. - Fixed a bug where VMs created by
podman machine
could not start containers which forwarded ports when run on a host with a proxy configured (#13628). - Fixed a bug where VMs created by the
podman machine
command could not be connected to when the username of the current user was sufficiently long (#12751). - Fixed a bug where the
podman system reset
command on Linux did not fully remove virtual machines created bypodman machine
. - Fixed a bug where the
podman machine rm
command would error when removing a VM that was never started (#13834). - Fixed a bug where the remote Podman client's
podman manifest push
command could not push to registries that required authentication (#13629). - Fixed a bug where containers joining a pod with volumes did not have the pod's volumes added (#13548).
- Fixed a bug where the
podman version --format
command could not return the OS of the server (#13690). - Fixed a bug where the
podman play kube
command would error when a volume specified by aconfigMap
already existed (#13715). - Fixed a bug where the
podman play kube
command did not respect thehostNetwork
setting in Pod YAML (#14015). - Fixed a bug where the
podman play kube
command would, when the--log-driver
flag was not specified, ignore Podman's default log driver (#13781). - Fixed a bug where the
podman generate kube
command could generate YAML with too-long labels (#13962). - Fixed a bug where the
podman logs --tail=1
command would fail when the log driver wasjournald
and the container was restarted (#13098). - Fixed a bug where containers created from images with a healthcheck that did not specify an interval would never run their healthchecks (#13912).
- Fixed a bug where the
podman network connect
andpodman network disconnect
commands could leave invalid entries in/etc/hosts
(#13533). - Fixed a bug where the
--tls-verify option to the
remote Podman client'spodman build
command was nonfunctional. - Fixed a bug where the
podman pod inspect
command incorrectly reported whether the pod used the host's network (#14028). - Fixed a bug where Podman would, when run on WSL2, ports specified without an IP address (e.g.
-p 8080:8080
) would be bound to IPv6 addresses (#12292). - Fixed a bug where the remote Podman client's
podman info
could report an incorrect path to the socket used to access the Podman service (#12023).
API
- Containers created via the Libpod Create API that set a memory limit, but not a swap limit, will automatically have a swap limit set (#13145).
- The Compat and Libpod Attach APIs for Containers can now attach to Stopped containers.
- Fixed a bug where the Compat and Libpod Create APIs for Containers did not respect the
no_hosts
option incontainers.conf
(#13719). - Fixed a bug where the default network mode for rootless containers created via the Compat Create API was not
bridge
. - Fixed a bug where the Libpod List API for Containers did not allow filtering based on the
removing
status (#13986). - Fixed a bug where the Libpod Modify endpoint for Manifests did not respect the
tlsVerify
parameter.
Misc
- A number of dependencies have been pruned from the project, resulting in a significant reduction in the size of the Podman binary.
- Using
podman play kube
on a YAML that only includesconfigMap
objects (and no pods or deployments) now prints a much clearer error message. - Updated Buildah to v1.26.1
- Updated the containers/storage library to v1.40.2
- Updated the containers/image library to v5.21.1
- Updated the containers/common library to v0.48.0