
Podman vs Docker: Complete Guide to Installation, Commands & Best Practices

This article introduces Podman, an open‑source container runtime that runs without a daemon or root privileges, compares its architecture and features with Docker, and provides detailed instructions for installation, configuration, common commands, image management, volume handling, and user‑namespace setups on Linux.

MaGe Linux Operations

Podman Overview

What is Podman?

Podman is an open‑source container runtime that works on most Linux platforms. It offers Docker‑compatible functionality but runs without a daemon and can operate without root privileges. It manages OCI‑compatible containers and images and provides a Docker‑compatible CLI.

Official site: https://podman.io/

Main differences between Podman and Docker

Docker requires a root‑running daemon (dockerd) for CRI, introducing security risks.

Podman runs without a daemon and does not need root, making its architecture simpler.

Docker runs a container through a chain of processes (dockerd → containerd → containerd‑shim → runc).

Podman calls the OCI runtime (runc) directly via a lightweight “conmon” process, analogous to Docker’s containerd‑shim.

Podman usage vs Docker

Podman aims for Docker compatibility, so commands are similar. Differences appear in process models and debugging; Podman lacks the extra daemon layer, affecting restart mechanisms.

Common Podman Commands

Containers

podman run          # create and start a container
podman start        # start a container
podman ps           # list containers
podman stop         # stop a container
podman restart      # restart a container
podman attach       # attach to a container
podman exec         # execute a command in a container
podman export       # export a container
podman import       # import a container snapshot
podman rm           # remove a container
podman logs         # view container logs

Images

podman search
podman pull
podman images
podman image ls
podman rmi
podman image rm
podman save
podman load
podman build
# Dockerfile directives: COPY, ADD, CMD, ENV, EXPOSE

Deploying Podman

# Install Podman
yum -y install podman

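# Configure registries (example)
vim /etc/containers/registries.conf

# Version 1 format (older releases)
[registries.search]
registries = ['registry.access.redhat.com','registry.redhat.io','docker.io']

# Version 2 format; the two formats cannot be mixed in one file, so use either the [registries.*] tables or this key
unqualified-search-registries = ['registry.fedoraproject.org','registry.access.redhat.com','registry.centos.org','docker.io']

# Insecure registry example (version 1 format); this permits plain HTTP and unverified TLS for the listed registry
[registries.insecure]
registries = ['10.0.0.1']

# Add a mirror (version 1 format; entries are host names without a URI scheme)
[registries.search]
registries = ['l9h8fu9j.mirror.aliyuncs.com','docker.io']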
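A registries.conf assembled from several examples is easy to get wrong. The script below is an added example, not code from the original article or from the Podman project. It lints a file for three things: version 1 tables mixed with version 2 keys, insecure registries, and entries that carry a URI scheme. The function name lint_registries_conf and the host mirror.example.com are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): lint a registries.conf.
# Prints one finding per line; prints nothing for a clean file.
lint_registries_conf() {
    awk '
        /^[ \t]*#/ { next }                                   # ignore comments
        /^[ \t]*\[registries\.insecure\]/ { v1 = 1; sect = "insecure"; next }
        /^[ \t]*\[registries\./           { v1 = 1; sect = "v1"; next }
        /^[ \t]*\[\[registry/             { v2 = 1; sect = "v2"; next }
        /^[ \t]*unqualified-search-registries[ \t]*=/ { v2 = 1 }
        # Registry locations are host[:port][/path]; a scheme is not valid.
        /https?:\/\// { print "SCHEME line " NR ": " $0 }
        # Version 1: a non-empty list under [registries.insecure].
        sect == "insecure" && /^[ \t]*registries[ \t]*=.*[A-Za-z0-9]/ {
            print "INSECURE line " NR ": " $0
        }
        # Version 2: insecure = true inside a [[registry]] table.
        /^[ \t]*insecure[ \t]*=[ \t]*true/ { print "INSECURE line " NR ": " $0 }
        END { if (v1 && v2) print "MIXED: version 1 tables and version 2 keys in one file" }
    ' "$1"
}

# Constructed sample that combines all three problems.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[registries.search]
registries = ['registry.access.redhat.com','docker.io']
unqualified-search-registries = ['registry.fedoraproject.org','docker.io']
[registries.insecure]
registries = ['10.0.0.1']
[registries.search]
registries = ['https://mirror.example.com','docker.io']
EOF
lint_registries_conf "$sample"
rm -f "$sample"
```

Every INSECURE finding names a registry that Podman will talk to over plain HTTP or without verifying its certificate, so each one should be a deliberate, documented exception.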

Running a container

# Pull and run an httpd image
podman run -d --name httpd docker.io/library/httpd
podman ps

Inspecting a container

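# Show the latest container's IP address, then request the page (10.88.0.5 is the address reported in this example)
podman inspect -l | grep IPAddress
curl 10.88.0.5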

Viewing logs

podman logs --latest

Resource usage

podman top <container_id>

Stopping and removing containers

podman stop --latest
podman rm --latest

Uploading an image

# Build an image from a Dockerfile
podman build -t nginx .
# Tag and push
podman tag docker.io/library/nginx:latest docker.io/1314444/test:latest
podman login docker.io
podman push docker.io/1314444/test:latest

Alias for Docker compatibility

echo "alias docker=podman" >> ~/.bashrc
source ~/.bashrc

Rootless operation

To run Podman without root, install crun and set it as the default OCI runtime in /etc/containers/containers.conf. Configure slirp4netns and fuse‑overlayfs for networking and storage.

Subuid/Subgid configuration

# Install shadow-utils
yum -y install shadow-utils
# Add a user and view mappings
useradd zz
cat /etc/subuid
cat /etc/subgid
usermod --add-subuids 200000-201000 --add-subgids 200000-201000 zz
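The range passed to usermod above is chosen by hand, so it is worth checking that it does not collide with a range another user already holds: two users who share subordinate IDs can reach each other's container files. The script below is an added example, not part of the original article. The function name subid_overlaps and the user alice are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original article).
# subid_overlaps FILE: print every pair of entries in a subuid/subgid file
# (format owner:start:count) that belong to different owners yet share IDs.
subid_overlaps() {
    awk -F: '
        /^[ \t]*#/ { next }
        NF == 3 && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ && $3 > 0 {
            n++
            owner[n] = $1
            first[n] = $2 + 0
            last[n]  = $2 + $3 - 1
        }
        END {
            for (i = 1; i <= n; i++)
                for (j = i + 1; j <= n; j++) {
                    if (owner[i] == owner[j]) continue      # same user: harmless
                    if (first[i] > last[j] || first[j] > last[i]) continue
                    lo = (first[i] > first[j]) ? first[i] : first[j]
                    hi = (last[i]  < last[j])  ? last[i]  : last[j]
                    printf "%s and %s share %d-%d\n", owner[i], owner[j], lo, hi
                }
        }
    ' "$1"
}

# Constructed sample: zz and alice received automatic ranges from useradd,
# then 200000-201000 (1001 IDs) was added to zz as in the command above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
zz:100000:65536
alice:165536:65536
zz:200000:1001
EOF
subid_overlaps "$sample"      # prints: alice and zz share 200000-201000
rm -f "$sample"
```

Run it against both /etc/subuid and /etc/subgid after any manual change; no output means no two users share a subordinate ID.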

Volume usage

# Run a container with a bind‑mounted volume
podman run -it -v "$(pwd)"/data:/data docker.io/library/busybox /bin/sh
# Inside container, create a file
touch /data/123
# On host, the file is owned by the host user when using --userns=keep-id
podman run -it --name test -v "$(pwd)"/data:/data --userns=keep-id docker.io/library/busybox /bin/sh

Port mapping for rootless users

# Ports >=1024 work by default
podman run -d -p 1024:80 httpd

# To allow privileged ports, set sysctl (as root); the setting is host-wide, so every unprivileged user can then bind ports >= 80
echo 'net.ipv4.ip_unprivileged_port_start=80' >> /etc/sysctl.conf
sysctl -p
podman run -d -p 80:80 httpd

In summary, Podman simplifies finding, running, building, and sharing containers while remaining compatible with Docker commands.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.