Features
- Podman machine now supports HyperV as a provider on Windows. This option can be set via the `CONTAINERS_MACHINE_PROVIDER` environment variable, or via containers.conf. HyperV requires PowerShell to be run as Admin. Note that running WSL and HyperV machines at the same time is not supported.
- The `podman login` and `podman logout` commands now support a new option, `--compat-auth-file`, which allows for editing Docker-compatible config files (#18617).
- The `podman machine init` and `podman machine set` commands now support a new option, `--usb`, which allows USB passthrough for the QEMU provider (#16707).
- The `--ulimit` option now supports setting -1 to indicate the maximum limit allowed for the current process (#19319).
- The `podman play kube` command now supports the `BUILDAH_ISOLATION` environment variable to change build isolation when the `--build` option is set (#20024).
- The `podman volume create` command now supports `--opt o=size=XYZ` on tmpfs file systems (#20449).
- The `podman info` command for remote calls now reports client information even if the remote connection is unreachable.
- Added a new field, `privileged`, to containers.conf, which sets the default for the `--privileged` flag when creating, running or exec'ing into a container.
- The `podman kube play` command now supports setting DefaultMode for volumes (#19313).
- The `--opt` option to the `podman network create` command now accepts a new driver specific option, `vrf`, which assigns a VRF to the bridge interface.
- A new option `--rdt-class=COS` has been added to the `podman create` and `podman run` commands that enables assigning a container to a Class Of Service (COS). The COS has to be pre-configured based on a pseudo-filesystem created by the resctrl kernel driver that enables interacting with the Intel RDT CAT feature.
- The `podman kube play` command now supports a new option, `--publish-all`, which exposes all containerPorts on the host.
- The `--filter` option now supports `label!=`, which filters for containers without the specified label.
Changes
- Podman now defaults to sqlite as its database backend. For backwards compatibility, if a boltdb database already exists on the system, Podman will continue using it.
- RHEL Subscriptions from the host now flow through to quay.io/podman/* images.
- The `--help` option to the `podman push` command now shows the compression algorithm used.
- The remote Podman client’s `commit` command now shows progress messages (#19947).
- The `podman kube play` command now sets the pod hostname to the node/machine name when hostNetwork=true in k8s yaml (#19321).
- The `--tty,-t` option to the `podman exec` command now defines the TERM environment variable even if the container is not running with a terminal (#20334).
- Podman now also uses the `helper_binaries_dir` option in containers.conf to look up the init binary (catatonit).
- Podman healthcheck events are now logged as notices.
- Podman machines no longer automatically update, preventing accidental service interruptions (#20122).
- The number of CPUs a podman machine uses now defaults to available cores/2 (#17066).
- Podman machine now prohibits using provider names as machine names. `applehv`, `qemu`, `wsl`, and `hyperv` are no longer valid Podman machine names.
Quadlet
- Quadlet now supports the `UIDMap`, `GIDMap`, `SubUIDMap`, and `SubGIDMap` options in .container files.
- Fixed a bug where symlinks were not resolved in search paths (#20504).
- Quadlet now supports the `ReadOnlyTmpfs` option.
- The VolatileTmpfs option is now deprecated.
- Quadlet now supports systemd specifiers in User and Group keys.
- Quadlet now supports `ImageName` for .image files.
- Quadlet now supports a new option, `--force`, to the stop command.
- Quadlet now supports the `oneshot` service type for .kube files, which allows yaml files without containers.
- Quadlet now supports podman level arguments (#20246).
- Fixed a bug where Quadlet would crash when specifying non key-value options (#20104).
- Quadlet now removes anonymous volumes when removing a container (#20070).
- Quadlet now supports a new unit type, `.image`.
Bugfixes
- Fixed a bug where mounted volumes on Podman machines on MacOS would have a max open files limit (#16106).
- Fixed a bug where setting both the `--uts` and `--network` options to `host` did not fill /etc/hostname with the host's name (#20448).
- Fixed a bug where the remote Podman client’s `build` command would incorrectly parse https paths (#20475).
- Fixed a bug where running Docker Compose against a WSL podman machine would fail (#20373).
- Fixed a race condition where parallel tagging and untagging of images would fail (#17515).
- Fixed a bug where the `podman exec` command would leak sessions when the specified command does not exist (#20392).
- Fixed a bug where the `podman history` command did not display the size of certain layers (#20375).
- Fixed a bug where a container with a custom user namespace and `--restart always/on-failure` would not correctly clean up the netns on restart, resulting in leaked IPs and network namespaces (#18615).
- Fixed a bug where remote calls to the `podman top` command would incorrectly parse options (#19176).
- Fixed a bug where the `--read-only-tmpfs` option to the `podman run` command was incorrectly handled when the `--read-only` option was set (#20225).
- Fixed a bug where creating containers in parallel may cause a deadlock if both containers attempt to use the same named volume (#20313).
- Fixed a bug where a container restarted by the Podman service would occasionally not mount its storage (#17042).
- Fixed a bug where the `--filter` option to the `podman images` command would not correctly filter ids, digests, or intermediates (#19966).
- Fixed a bug where setting the `--replace` option to the `podman run` command would print both the old and new container ID. Now, only the new container ID is printed.
- Fixed a bug where the `podman machine ls` command would show Creation time as LastUp time for machines that have never been booted. Now, new machines show `Never`, with the JSON value being ZeroTime.
- Fixed a bug in the `podman build` command where the default pull policy was not set to `missing` (#20125).
- Fixed a bug where setting the static or volume directory in `containers.conf` would lead to cleanup errors (#19938).
- Fixed a bug where the `podman kube play` command exposed all containerPorts on the host (#17028).
- Fixed a bug where the `podman farm update` command did not verify farm and connection existence before updating (#20080).
- Fixed a bug where remote Podman calls would not honor the `--connection` option while the `CONTAINER_HOST` environment variable was set. The active destination is now resolved with the correct priority, that is, CLI flags, env vars, ActiveService from containers.conf, RemoteURI (#15588).
- Fixed a bug where the `--env-host` option was not honoring the default from containers.conf.
API
- Fixed a bug in the Compat Image Prune endpoint where the dangling filter was set twice (#20469).
- Fixed a bug in the Compat API where attempting to connect a container to a network while the connection already exists returned a 200 status code. It now correctly returns a 500 error code.
- Fixed a bug in the Compat API where some responses would not have compatible error details if progress data had not been sent yet (#20013).
- The Libpod Pull endpoint now supports a new option, `compatMode`, which causes the streamed JSON payload to be identical to the Compat endpoint.
- Fixed a bug in the Libpod Container Create endpoint where it would return an incorrect status code if the image was not found. The endpoint now correctly returns 404.
- The Compat Network List endpoint should see a significant performance improvement (#20035).
Misc
- Updated Buildah to v1.33.1
- Updated the containers/storage library to v1.51.0
- Updated the containers/image library to v5.29.0
- Updated the containers/common library to v0.57.0
- Updated the containers/libhvee library to v0.5.0
- Updated the Mac pkginstaller QEMU to v8.0.0
- Podman Machine now runs with gvproxy v0.7.1