Features
- The
podman kube play
command now supports the hostIPC field (#17157). - The
podman kube play
command now supports a new flag,--wait
, that keeps the workload running in foreground until killed with a sigkill or sigterm. The workloads are cleaned up and removed when killed (#14522). - The
podman kube generate
andpodman kube play
commands now support SELinux filetype labels. - The
podman kube play
command now supports sysctl options (#16711). - The
podman kube generate
command now supports generating the Deployments (#17712). - The
podman machine inspect
command now shows information about named pipe addresses on Windows (#16860). - The
--userns=keep-id
option forpodman create
,run
, andkube play
now works for root containers by copying the current mapping into a new user namespace (#17337). - A new command has been added,
podman secret exists
, to verify if a secret with the given name exists. - The
podman kube generate
andpodman kube play
commands now support ulimit annotations (#16404). - The
podman create
,run
,pod create
, andpod clone
commands now support a new option,--shm-size-systemd
, that allows limiting tmpfs sizes for systemd-specific mounts (#17037). - The
podman create
andrun
commands now support a new option,--group-entry
which customizes the entry that is written to the/etc/group
file within the container when the--user
option is used (#14965). - The
podman create
andpodman run
commands now support a new option,--security-opt label=nested
, which allows SELinux labeling within a confined container. - A new command,
podman machine os apply
has been added, which applies OS changes to a Podman machine, from an OCI image. - The
podman search
command now supports two new options:--cert-dir
and--creds
. - Defaults for the
--cgroup-config
option forpodman create
andpodman run
can now be set incontainers.conf
. - Podman now supports auto updates for containers running inside a pod (#17181).
- Podman can now use a SQLite database as a backend for increased stability. The default remains the old database, BoltDB. The database to use is selected through the
database_backend
field incontainers.conf
. - Netavark plugin support has been added. The netavark network backend now allows users to create custom network drivers.
podman network create -d <plugin>
can be used to create a network config for your plugin and then Podman will use it like any other config and takes care of setup/teardown on container start/stop. This requires at least Netavark version 1.6. - DHCP with macvlan and the netavark backend is now supported.
Changes
- Remote builds using the
podman build
command no longer allows.containerignore
or.dockerignore
files to be symlinks outside the build context. - The
podman system reset
command now clears build caches. - The
podman play kube
command now adds ctrName as an alias to the pod network (#16544). - The
podman kube generate
command no longer adds hostPort to the pod spec when generating service kinds. - Using a private cgroup namespace with systemd containers on a cgroups v1 system will explicitly error (this configuration has never worked) (#17727).
- The
SYS_CHROOT
capability has been re-added to the default set of capabilities. - Listing large quantities of images with the
podman images
command has seen a significant performance improvement (#17828).
Quadlet
- Quadlet now supports the
Rootfs=
option, allowing containers to be based on rootfs in addition to image. - Quadlet now supports the Secret key in the Container group.
- Quadlet now supports the Logdriver key in
.container
and.kube
units. - Quadlet now supports the Mount key in
.container
files (#17632). - Quadlet now supports specifying static IPv4 and IPv6 addresses in
.container
files via the IP= and IP6= options. - Quadlet now supports health check configuration in
.container
files. - Quadlet now supports relative paths in the Volume key in .container files (#17418).
- Quadlet now supports setting the UID and GID options for
--userns=keep-id
(#17908). - Quadlet now supports adding
tmpfs
filesystems through theTmpfs
key in.container
files (#17907). - Quadlet now supports the
UserNS
option in.container
files, which will replace the existingRemapGid
,RemapUid
,RemapUidSize
andRemapUsers
options in a future release (#17984). - Quadlet now includes a
--version
option. - Quadlet now forbids specifying SELinux label types, including disabling selinux separation.
- Quadlet now does not set log-driver by default.
- Fixed a bug where Quadlet did not recognize paths starting with systemd specifiers as absolute (#17906).
Bugfixes
- Fixed a bug in the network list API where a race condition would cause the list to fail if a container had just been removed (#17341).
- Fixed a bug in the
podman image scp
command to correctly use identity settings. - Fixed a bug in the remote Podman client's
podman build
command where building from stdin would fail.podman --remote build -f -
now works correctly (#17495). - Fixed a bug in the
podman volume prune
command where exclusive (!=
) filters would fail (#17051). - Fixed a bug in the
--volume
option in thepodman create
,run
,pod create
, andpod clone
commands where specifying relative mappings or idmapped mounts would fail (#17517). - Fixed a bug in the
podman kube play
command where a secret would be created, but nothing would be printed on the terminal (#17071). - Fixed a bug in the
podman kube down
command where secrets were not removed. - Fixed a bug where cleaning up after an exited container could segfault on non-Linux operating systems.
- Fixed a bug where the
podman inspect
command did not properly list the network configuration of containers created with--net=none
or--net=host
(#17385). - Fixed a bug where containers created with user-specified SELinux labels that created anonymous or named volumes would create those volumes with incorrect labels.
- Fixed a bug where the
podman checkpoint restore
command could panic. - Fixed a bug in the
podman events
command where events could be returned more than once after a log file rotation (#17665). - Fixed a bug where errors from systemd when restarting units during a
podman auto-update
command were not reported. - Fixed a bug where containers created with the
--health-on-failure=restart
option were not restarting when the health state turned unhealthy (#17777). - Fixed a bug where containers using the
slirp4netns
network mode with thecidr
option and a custom user namespace did not set proper DNS IPs inresolv.conf
. - Fixed a bug where the
podman auto-update
command could fail to restart systemd units (#17607). - Fixed a bug where the
podman play kube
command did not properly handlesecret.items
in volumes (#17829). - Fixed a bug where the
podman generate kube
command could generate pods with invalid names and hostnames (#18054). - Fixed a bug where names of limits (such as
RLIMIT_NOFILE
) passed to the--ulimit
option topodman create
andpodman run
were case-sensitive (#18077). - Fixed a possible corruption issue with the configuration state of
podman machine
during system failures on Mac, Linux, and Windows.
API
- The Compat Stats endpoint for Containers now returns the
Id
key as lowercaseid
to match Docker (#17869). - Fixed a bug where the Compat top endpoint incorrectly returned titles as a string instead of a list (#17524).
Misc
- The
podman version
command no longer joins the rootless user namespace (#17657). - The
podman-events --stream
option is no longer hidden and is now documented. - Updated Buildah to v1.30.0
- Updated the containers/storage library to v1.46.1
- Updated the containers/image library to v5.25.0
- Updated the containers/common library to v0.52.0