Podman Introduction: Features, Differences from Docker, and Common Commands
This article provides a comprehensive overview of Podman, an open‑source container runtime that runs without a daemon or root privileges, compares it with Docker, explains its architecture, and presents essential commands, deployment steps, configuration files, volume handling, and user‑namespace considerations for Linux environments.
Podman Introduction
Podman is an open‑source container runtime that works on most Linux platforms. It offers Docker‑compatible commands but does not require a daemon and can operate without root privileges.
What is Podman?
Podman can manage and run any OCI‑compliant container or image, providing a Docker‑compatible CLI while avoiding the security risks associated with Docker's daemon.
Key Differences Between Podman and Docker
Docker relies on a root‑owned daemon (dockerd) for container management, which introduces security concerns.
Podman runs containers directly without a daemon, which gives it a simpler architecture.
Docker starts containers through a chain of processes (dockerd → containerd → containerd‑shim → runc), whereas Podman uses a single conmon process similar to Docker's containerd‑shim.
Podman can run rootless containers, enhancing security.
Podman Commands
Container Management
podman run # create and start a container
podman start # start a container
podman ps # list containers
podman stop # stop a container
podman restart # restart a container
podman attach # attach to a container
podman exec # execute a command in a container
podman export # export a container
podman import # import a container snapshot
podman rm # remove a container
podman logs # view container logs
podman top # show processes inside a container
Image Management
podman search # search images
podman pull # pull an image
podman images # list images
podman rmi # remove an image
podman save # export an image
podman load # import an image
podman build # build an image from a Containerfile
Deploying Podman
Install Podman and configure the registry:
# yum -y install podman
# vim /etc/containers/registries.conf
[registries.search]
registries = ['registry.access.redhat.com', 'registry.redhat.io', 'docker.io']
Using Podman
Running a container:
# podman run -d --name httpd docker.io/library/httpd
# podman ps
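# podman inspect -l | grep IPAddress
Stop, remove, and view logs using the commands shown above. Rootless users can publish only host ports >= 1024 by default; lowering net.ipv4.ip_unprivileged_port_start allows lower ports. That sysctl is system-wide, so lowering it lets every unprivileged process on the host bind those ports, not only Podman.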
Configuration Files
Key configuration files include containers.conf, storage.conf, and registries.conf. They can be placed in /etc/containers/, /usr/share/containers/, or per‑user at ~/.config/containers/, with later files overriding earlier ones.
Rootless User Setup
To enable non‑root users to run Podman, ensure entries in /etc/subuid and /etc/subgid for the user, install crun for cgroup V2, and configure fuse‑overlayfs for storage.
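One way to verify the subordinate-ID entries mentioned above before handing a user rootless Podman (an added example, not from the original article). The function name check_subid, the sample accounts and the 65536-ID minimum are assumptions made for illustration; the check also flags ranges shared between accounts, since overlapping ranges map two users' containers onto the same host IDs.

```shell
#!/bin/sh
# Added example (not from the original article): audit a subordinate-ID file
# such as /etc/subuid or /etc/subgid before enabling rootless Podman.
# Assumption: 65536 IDs per user is the minimum treated as sufficient here.
# Limitation: matches the first field as a literal login name only.

# check_subid FILE USER
# Prints one of: ok | missing | too-small | overlap
check_subid() {
    awk -F: -v u="$2" -v min=65536 '
        # Skip comments and malformed lines (need name:start:count).
        NF != 3 || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ { next }
        { n++; name[n] = $1; lo[n] = $2 + 0; hi[n] = $2 + $3 - 1 }
        END {
            found = 0; total = 0; clash = 0
            for (i = 1; i <= n; i++) {
                if (name[i] != u) continue
                found = 1
                total += hi[i] - lo[i] + 1
                # A range shared with another account means both accounts
                # map container IDs onto the same host IDs.
                for (j = 1; j <= n; j++)
                    if (name[j] != u && lo[i] <= hi[j] && lo[j] <= hi[i])
                        clash = 1
            }
            if (!found)           print "missing"
            else if (clash)       print "overlap"
            else if (total < min) print "too-small"
            else                  print "ok"
        }' "$1"
}

# Constructed sample data, written to a temp file so the demo runs offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
alice:100000:65536
bob:165536:65536
carol:200000:65536
dave:400000:1000
EOF
for user in alice bob carol dave erin; do
    printf '%-6s %s\n' "$user" "$(check_subid "$sample" "$user")"
done
rm -f "$sample"
```

On a real host, run the function against both /etc/subuid and /etc/subgid for the account in question.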
Volumes
Mount host directories into containers using the -v flag. To preserve file ownership, use --userns=keep-id so files created inside the container retain the host user’s UID/GID.
# podman run -it -v "$(pwd)"/data:/data --userns=keep-id docker.io/library/busybox /bin/sh
Aliases
For seamless transition from Docker to Podman, add an alias:
# echo "alias docker=podman" >> ~/.bashrc
# source ~/.bashrc
Overall, Podman simplifies finding, running, building, and sharing containers while maintaining Docker compatibility and adding rootless security features.
Sohu Tech Products
A knowledge-sharing platform for Sohu's technology products. As a leading Chinese internet brand with media, video, search, and gaming services and over 700 million users, Sohu continuously drives tech innovation and practice. We’ll share practical insights and tech news here.