
Understanding Podman: Features, Differences from Docker, and Common Commands

This article introduces Podman, an open‑source, daemon‑less container runtime compatible with Docker, explains its architectural differences, rootless operation, configuration files, common commands, image handling, volume usage, and practical tips for Linux environments.

Selected Java Interview Questions

Podman is an open‑source container runtime that runs on most Linux platforms without requiring a daemon or root privileges, offering Docker‑compatible command‑line functionality and OCI‑compliant image management.

Key differences from Docker include the absence of a daemon, a more logical process architecture, and direct use of the OCI runtime (runC) via the conmon (container monitor) process, eliminating the need for dockerd and its associated containerd/containerd-shim chain.

Podman commands mirror Docker’s, covering container lifecycle (run, start, ps, stop, restart, attach, exec, logs, etc.) and image management (search, pull, images, rmi, build, save, load). Example command blocks are shown below:

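podman run           Create and start a container
podman start         Start a container
podman ps            List containers
podman stop          Stop a container
podman restart       Restart a container
podman attach        Attach to a running container
podman exec          Run a command inside a container
podman export        Export a container
podman import        Import a container snapshot
podman rm            Remove a container
podman logs          View container logs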

Installation is straightforward (e.g., # yum -y install podman) and can be accelerated by configuring registries.conf to use a mirror repository.

# vim /etc/containers/registries.conf
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "j3m2itm3.mirror.aliyuncs.com"

Running containers as a non‑root user requires configuring subuid/subgid files, enabling crun as the OCI runtime, and optionally installing slirp4netns and fuse-overlayfs for rootless networking and storage.

# yum -y install crun
# vi /usr/share/containers/containers.conf
runtime = "crun"
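
The rootless paragraph above mentions the subuid/subgid files without showing what a correct entry looks like. The following is an added example, not part of the original article: a shell function that checks that a user has a range of the conventional size that does not overlap another user's, since overlapping ranges map two users' containers onto the same host IDs. The function name `check_subid`, its return codes, the 65536 minimum and the sample users are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Audits a subuid/subgid-format
# file (lines of name:start:count) for one user before rootless Podman is used.
# Return codes are this script's own convention:
#   0 ok, 1 user has no entry, 2 fewer than MIN ids, 3 overlaps another user
check_subid() {
    file=$1; user=$2; min=${3:-65536}   # 65536 is an assumed minimum (common default)
    awk -F: -v u="$user" -v min="$min" '
        NF != 3 || /^[ \t]*#/ { next }               # skip blanks, comments, junk
        { n++; name[n] = $1; lo[n] = $2 + 0; hi[n] = $2 + $3 - 1 }
        END {
            for (i = 1; i <= n; i++) {
                if (name[i] != u) continue
                found = 1; total += hi[i] - lo[i] + 1
                for (j = 1; j <= n; j++)             # compare with other users only
                    if (name[j] != u && lo[i] <= hi[j] && lo[j] <= hi[i]) {
                        printf "%s: %d-%d overlaps %s (%d-%d)\n",
                               u, lo[i], hi[i], name[j], lo[j], hi[j]
                        exit 3
                    }
            }
            if (!found)      { printf "%s: no entry\n", u; exit 1 }
            if (total < min) { printf "%s: only %d ids, want %d\n", u, total, min; exit 2 }
            printf "%s: ok, %d ids\n", u, total
        }' "$file"
}

# Constructed sample data: carol's range starts inside bob's, dave's is too small.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# name:start:count
alice:100000:65536
bob:165536:65536
carol:200000:65536
dave:300000:1000
EOF

for u in alice bob carol dave erin; do
    check_subid "$SAMPLE" "$u" || echo "  -> rc=$?"
done
```

Run the function against both /etc/subuid and /etc/subgid for each account that will run rootless containers.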

Volumes can be mounted with proper user namespace handling; using --userns=keep-id ensures file ownership inside the container matches the host user.

$ podman run -it -v "$(pwd)"/data:/data --userns=keep-id docker.io/library/busybox /bin/sh

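Rootless containers can map privileged ports by adjusting net.ipv4.ip_unprivileged_port_start in /etc/sysctl.conf, allowing ports ≥80 to be exposed. The setting is host-wide: once it is lowered, every unprivileged process on the machine, not only Podman, can bind ports from 80 upward.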

# echo 'net.ipv4.ip_unprivileged_port_start=80' >> /etc/sysctl.conf
# sysctl -p

Overall, Podman provides a Docker‑compatible yet daemon‑less experience, supporting rootless operation, flexible configuration, and seamless image handling for modern Linux container workflows.

Written by

Selected Java Interview Questions
