
Master Podman: Docker‑Compatible, Daemon‑Free Container Runtime

This guide explains what Podman is, how it differs from Docker, and provides step‑by‑step instructions for installing, configuring, and using Podman—including common commands, rootless operation, registry accelerators, volume handling, and essential configuration files—so you can manage containers without a daemon.

Java High-Performance Architecture

Podman is an open‑source container runtime that runs on most Linux platforms and offers Docker‑compatible commands without requiring a daemon or root privileges.

The main differences between Podman and Docker are that Podman does not need a long‑running daemon, supports rootless operation, and uses a different process hierarchy where Podman’s conmon replaces Docker’s containerd‑shim.

Common Podman Commands

Containers

podman run        # create and start a container
podman start      # start a stopped container
podman ps         # list running containers
podman stop       # stop a container
podman restart    # restart a container
podman attach     # attach to a container
podman exec       # execute a command in a container
podman export     # export a container
podman import     # import a container snapshot
podman rm         # remove a container
podman logs       # view container logs

Images

podman search          # search for images
podman pull            # pull an image
podman images          # list images
podman image ls        # list images (alias)
podman rmi             # remove an image
podman image rm        # remove an image
podman save            # export an image
podman load            # import an image
podman build           # build an image from a Dockerfile
podman tag             # tag an image

Installation

# yum -y install podman

Configuring Registries and Accelerators

For version 7:

# vim /etc/containers/registries.conf
[registries.search]
registries = ["docker.io"]
[[docker.io]]
location = "j3m2itm3.mirror.aliyuncs.com"

For version 8:

# vim /etc/containers/registries.conf
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "j3m2itm3.mirror.aliyuncs.com"

Running Containers and Managing Images

# podman run -d --name httpd docker.io/library/httpd
# podman images
# podman ps
# podman inspect -l | grep IPAddress
# podman logs --latest
# podman top httpd
# podman stop --latest
# podman rm --latest

Rootless Operation and User Namespaces

Install crun for rootless containers and set it as the default OCI runtime:

# yum -y install crun
# vi /usr/share/containers/containers.conf
runtime = "crun"

Enable user namespaces and give each non‑root user a range of subordinate IDs in /etc/subuid and /etc/subgid so that non‑root users can run containers safely.
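
One way to check these prerequisites before running containers as a non‑root user, as an added example that is not from the original article. The function names userns_enabled and audit_subid, the 65536‑ID minimum and the sample entries are assumptions constructed for illustration; the audit flags ranges that overlap another user's, because overlapping ranges let two users' containers share host UIDs.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not Podman commands.

# userns_enabled [FILE]: succeed if the user-namespace limit is above zero.
# FILE defaults to the kernel's user.max_user_namespaces sysctl.
userns_enabled() {
    local f=${1:-/proc/sys/user/max_user_namespaces}
    [ -r "$f" ] && [ "$(cat "$f")" -gt 0 ]
}

# audit_subid FILE USER [MIN]: check USER's ranges in a "name:start:count" file.
# Returns 0 ok, 1 no entry, 2 overlaps another user's range, 3 fewer than MIN ids.
# MIN defaults to 65536, an assumed threshold (the usual per-user allocation).
audit_subid() {
    local file=$1 user=$2 min=${3:-65536}
    awk -F: -v user="$user" -v min="$min" '
        $0 !~ /^[^:#]+:[0-9]+:[0-9]+$/ { next }   # skip comments, blanks, malformed
        { n++; name[n] = $1; lo[n] = $2 + 0; hi[n] = $2 + $3 - 1 }
        END {
            for (i = 1; i <= n; i++) {
                if (name[i] != user) continue
                found = 1
                if (hi[i] - lo[i] + 1 < min) small = 1
                for (j = 1; j <= n; j++)
                    if (name[j] != user && lo[i] <= hi[j] && lo[j] <= hi[i]) {
                        print "overlap: " user " shares ids with " name[j]
                        clash = 1
                    }
            }
            exit (!found ? 1 : (clash ? 2 : (small ? 3 : 0)))
        }' "$file"
}

# Constructed sample data (not from a real host): carol overlaps alice and bob.
sample=$(mktemp)
cat > "$sample" <<'EOF'
alice:100000:65536
bob:165536:65536
carol:150000:65536
dave:300000:1000
frank:400000:65536
EOF
for u in alice dave frank erin; do
    rc=0; audit_subid "$sample" "$u" || rc=$?
    echo "$u -> $rc"
done
rm -f "$sample"
```

On a real host, run audit_subid against /etc/subuid and /etc/subgid for the account that will start the containers, and userns_enabled with no argument.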

Volumes and Permissions

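Mount a host directory into a container and manage file ownership; the second command adds --userns=keep-id so that the invoking user's UID and GID are kept inside the container: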

# podman run -it -v "$(pwd)"/data:/data docker.io/library/busybox /bin/sh
# podman run -it --name test -v "$(pwd)"/data:/data --userns=keep-id docker.io/library/busybox /bin/sh

Rootless users can map only ports >= 1024 by default; to allow lower ports, set net.ipv4.ip_unprivileged_port_start in /etc/sysctl.conf. Lowering it applies to every unprivileged process on the host, not only Podman.

Configuration Files

Podman reads configuration from the following files, listed from highest to lowest priority (a higher‑priority file overrides a lower one):

~/.config/containers/containers.conf
/etc/containers/containers.conf
/usr/share/containers/containers.conf

Similar precedence applies to storage.conf and registries.conf. In storage.conf, set driver = "overlay" and mount_program = "/usr/bin/fuse-overlayfs" for optimal storage.

Podman architecture diagram