
Why Choose Podman Over Docker? A Complete Guide to Container Runtime

This article explains what Podman is, highlights its daemon‑less and rootless architecture compared to Docker, lists essential commands, shows installation and configuration steps, and provides practical tips for using Podman in Linux environments.

Su San Talks Tech

What is Podman?

Podman is an open‑source container runtime that works on most Linux distributions. It implements the OCI specifications, provides Docker‑compatible commands, and runs without a daemon or root privileges.

Key differences between Podman and Docker

Docker requires a root‑owned daemon (dockerd) while Podman runs daemon‑less.

Podman can be used by unprivileged users; Docker needs root for its daemon.

Docker’s engine uses a chain of dockerd → containerd → containerd‑shim → runc; Podman calls OCI runtimes directly and uses a “conmon” process similar to containerd‑shim.

Podman vs Docker diagram

Common Podman commands

podman run        # create and start a container
podman start      # start a stopped container
podman ps         # list containers
podman stop       # stop a container
podman restart    # restart a container
podman attach     # attach to a running container
podman exec       # execute a command in a container
podman rm         # remove a container
podman logs       # view container logs
podman search     # search images
podman pull       # download an image
podman images     # list images
podman rmi        # remove an image
podman build      # build an image from a Containerfile
podman save       # export an image
podman load       # import an image

Installing Podman

# yum -y install podman

Configuring registries (registry mirrors)

For version 7:

# vim /etc/containers/registries.conf
registries = ["docker.io"]
[[docker.io]]
location = "j3m2itm3.mirror.aliyuncs.com"

For version 8:

unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "j3m2itm3.mirror.aliyuncs.com"

Running containers with Podman

# podman run -d --name httpd docker.io/library/httpd
# podman ps
# podman inspect -l | grep IPAddress

Rootless operation

Install crun and set it as the default OCI runtime in /usr/share/containers/containers.conf or /etc/containers/containers.conf:

runtime = "crun"

Install fuse-overlayfs and slirp4netns for rootless storage and networking, and enable fuse-overlayfs as the overlay mount program in /etc/containers/storage.conf:

driver = "overlay"
mount_program = "/usr/bin/fuse-overlayfs"

Managing volumes

# podman run -it -v "$(pwd)"/data:/data docker.io/library/busybox /bin/sh

Port mapping for non‑root users

Rootless users cannot bind privileged ports (< 1024) unless net.ipv4.ip_unprivileged_port_start is lowered. Mapping ports ≥1024 works out of the box.
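
A pre-flight check for the port rule above, added here as an example and not taken from the original article: it parses `-p` values and compares the host port with net.ipv4.ip_unprivileged_port_start. The function names are hypothetical, only IPv4 mapping forms are handled, and the 1024 fallback assumes the kernel default.

```shell
# Added example (not from the article): pre-flight check for rootless
# `podman run -p` values. IPv4 forms only: [ip:][hostPort:]ctrPort[/proto].
SYSCTL_FILE=/proc/sys/net/ipv4/ip_unprivileged_port_start

# Lowest port an unprivileged process may bind (kernel default: 1024).
# $1 overrides the path so the check can run against a constructed file.
unpriv_port_start() {
    if [ -r "${1:-$SYSCTL_FILE}" ]; then
        cat "${1:-$SYSCTL_FILE}"
    else
        echo 1024
    fi
}

# Print the host port (low end of a range) of one -p value, or nothing when
# podman would pick a random host port. Returns 2 on forms it cannot parse.
host_port() {
    local spec
    spec="${1%/*}"                       # drop trailing /tcp or /udp
    case "$spec" in
        *:*:*:*) return 2 ;;             # IPv6 or malformed: out of scope
        *:*:*)   spec="${spec#*:}" ;;    # ip:host:ctr -> host:ctr
        *:*)     ;;                      # host:ctr
        *)       return 0 ;;             # ctr only: random host port
    esac
    spec="${spec%%:*}"                   # keep the host side
    echo "${spec%-*}"                    # 8080-8090 -> 8080
}

# 0 = a rootless user can bind it, 1 = privileged host port, 2 = unparsed.
can_bind_rootless() {
    local port start
    port="$(host_port "$1")" || return 2
    if [ -z "$port" ]; then return 0; fi
    case "$port" in *[!0-9]*) return 2 ;; esac
    start="$(unpriv_port_start "$2")"
    [ "$port" -ge "$start" ]
}

# Constructed sample mappings, checked against this host's sysctl value.
for m in 8080:80 80:80 127.0.0.1:443:8443/tcp 8443; do
    if can_bind_rootless "$m"; then echo "ok       $m"; else echo "blocked  $m"; fi
done
```

Lowering the sysctl applies to every unprivileged process in the host's network namespace, so publishing on a port ≥1024 is the narrower change.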

Written by

Su San Talks Tech

Su San, former staff at several leading tech companies, is a top creator on Juejin and a premium creator on CSDN, and runs the free coding practice site www.susan.net.cn.
