Why Choose Podman Over Docker? A Complete Guide to Daemon‑less Container Management
This article explains what Podman is, highlights its key architectural differences from Docker, and provides step‑by‑step instructions for installing, configuring, and using Podman—including common commands, image handling, rootless operation, volume management, and integration tips for Linux environments.
What is Podman?
Podman is an open‑source container runtime that works on most Linux platforms. It offers Docker‑compatible functionality but runs without a daemon and can operate without root privileges.
Podman can manage any OCI‑compliant container or image and provides a Docker‑compatible command‑line interface.
Podman website: https://podman.io/
Key Differences Between Podman and Docker
Docker requires a daemon and root privileges, which introduces security risks.
Podman runs without a daemon and does not need root, which makes its architecture simpler and easier to reason about.
Docker uses multiple daemons (dockerd, containerd, containerd‑shim, runc) to implement OCI.
Podman calls the OCI runtime (runc) directly through a monitor process (conmon), eliminating the need for a root‑owned daemon.
In Podman, conmon is analogous to Docker's containerd‑shim.
The diagram illustrates that Podman does not require a daemon, while Docker’s containerd‑shim and Podman’s conmon sit at the same container layer.
Podman vs Docker Usage Differences
Podman aims for Docker compatibility, so most commands are similar. Differences appear in process models and debugging; for example, Podman does not have the multiple daemon processes Docker uses.
From a user perspective, Podman commands cover container runtime (run/start/kill/ps/inspect) and local image management (images/rmi/build, login/pull/push). An alias can map Docker to Podman:
alias docker=podman
This allows seamless use of Docker commands with Podman.
Common Podman Commands
Containers
podman run # Create and start a container
podman start # Start a container
podman ps # List containers
podman stop # Stop a container
podman restart # Restart a container
podman attach # Attach to a container
podman exec # Execute a command in a container
podman export # Export a container
podman import # Import a container snapshot
podman rm # Remove a container
podman logs # View container logs
Images
podman search # Search images
podman pull # Pull an image
podman images # List images
podman rmi # Remove an image
podman save # Export an image
podman load # Import an image
podman build # Build an image
podman tag # Tag an image
Deployment
# Install Podman
yum -y install podman
Podman Accelerators (Registry Mirrors)
Version 7 accelerator configuration (registries.conf):
# vim /etc/containers/registries.conf
registries = ["docker.io"]
[[docker.io]]
location = "j3m2itm3.mirror.aliyuncs.com"
Version 8 accelerator configuration:
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "j3m2itm3.mirror.aliyuncs.com"
Using Podman
Running a container:
# podman run -d --name httpd docker.io/library/httpd
# podman images
Listing running containers:
# podman ps
Note: Adding -a to ps shows all containers.
Inspecting a container:
# podman inspect -l | grep IPAddress
Viewing logs:
# podman logs --latest
Viewing resource usage:
# podman top httpd
Stopping a container:
# podman stop --latest
Removing a container:
# podman rm --latest
Uploading Images
Build and push an image to Docker Hub:
# podman build -t nginx .
# podman tag localhost/nginx:latest docker.io/1314444/test:latest
# podman login docker.io
Username: 1314444
Password: ********
Login Succeeded!
# podman push docker.io/1314444/test:latest
Configuring Aliases
# echo "alias docker=podman" >> ~/.bashrc
# source ~/.bashrc
User Operations (Rootless Mode)
Install crun for cgroup V2 support and edit /usr/share/containers/containers.conf to set runtime = "crun". Then run containers as a non‑root user.
Installing slirp4netns and fuse‑overlayfs
# yum -y install slirp4netns
# yum -y install fuse-overlayfs
# vi /etc/containers/storage.conf
mount_program = "/usr/bin/fuse-overlayfs"
/etc/subuid and /etc/subgid Configuration
Rootless users need UID/GID ranges defined in these files. Example:
# useradd zz
# echo "zz:100000:65536" >> /etc/subuid
# echo "zz:100000:65536" >> /etc/subgid
Configuration Files
The three main configuration files are containers.conf, storage.conf, and registries.conf. They can be placed in /etc/containers, /usr/share/containers, or the user’s ~/.config/containers directory, with later locations overriding earlier ones.
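An added example, not from the original article: before appending a range such as zz:100000:65536 to /etc/subuid or /etc/subgid, check that it does not intersect a range another account already holds, because containers of both users would then run under the same host IDs. The accounts alice and bob and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: audit /etc/subuid-format data before appending a new range.
# Each entry is "name:start:count" and covers host IDs start .. start+count-1.

# Constructed sample: "zz" reuses the range already held by "alice".
SAMPLE='alice:100000:65536
bob:165536:65536
zz:100000:65536'

# Read subuid-format lines on stdin; print "nameA nameB" for each pair of
# entries whose ID ranges intersect.
subid_overlaps() {
    awk -F: '
        NF == 3 && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ && $3 > 0 {
            n++; name[n] = $1; lo[n] = $2 + 0; hi[n] = $2 + $3 - 1
        }
        END {
            for (i = 1; i <= n; i++)
                for (j = i + 1; j <= n; j++)
                    if (lo[i] <= hi[j] && lo[j] <= hi[i])
                        print name[i], name[j]
        }'
}

# Read subuid-format lines on stdin; print the lowest start at or above
# 100000 that lies beyond every existing range.
next_free_start() {
    awk -F: '
        BEGIN { max = 100000 }
        NF == 3 && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
            end = $2 + $3
            if (end > max) max = end
        }
        END { print max }'
}

printf '%s\n' "$SAMPLE" | subid_overlaps    # alice zz
printf '%s\n' "$SAMPLE" | next_free_start   # 231072
```

On a real host, feed the functions the live files, for example `subid_overlaps < /etc/subuid`, and run the same check against /etc/subgid.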
Volumes
When a container runs as root, files created inside the container appear as root on the host. Using --userns=keep-id preserves the host user’s UID/GID inside the container.
# podman run -it --name test -v "$(pwd)":/data --userns=keep-id docker.io/library/busybox /bin/sh
Rootless users can map ports >= 1024 by default; to allow lower ports, set net.ipv4.ip_unprivileged_port_start in /etc/sysctl.conf and reload sysctl.
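The ownership translation behind --userns=keep-id in the Volumes section, as an added example that is not part of the original article: it resolves a container UID to the host UID that ends up owning files written to a bind mount. The two maps are constructed for a rootless host user with UID 1000 and the subuid range 100000:65536, in the "container_start host_start count" layout of /proc/<pid>/uid_map; host_uid is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: translate a container UID to the host UID that will own the
# files it writes to a bind mount, using uid_map-format lines
# ("container_start host_start count").

# Constructed maps for a host user with UID 1000 and subuid 100000:65536.
# Default rootless mapping: container root is the host user itself.
MAP_DEFAULT='0 1000 1
1 100000 65536'
# Mapping modelled on --userns=keep-id: container UID 1000 is the host user.
MAP_KEEP_ID='0 100000 1000
1000 1000 1
1001 101000 64536'

# host_uid MAP CONTAINER_UID -> prints the host UID, or "unmapped" when the
# container UID falls outside every range in MAP.
host_uid() {
    printf '%s\n' "$1" | awk -v id="$2" '
        NF == 3 && id + 0 >= $1 + 0 && id + 0 < $1 + $3 {
            print $2 + (id - $1); found = 1; exit
        }
        END { if (!found) print "unmapped" }'
}

host_uid "$MAP_DEFAULT" 0       # 1000
host_uid "$MAP_DEFAULT" 1000    # 100999
host_uid "$MAP_KEEP_ID" 1000    # 1000
host_uid "$MAP_KEEP_ID" 0       # 100000
```
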
Overall, Podman provides a Docker‑compatible, daemon‑less, rootless container experience with flexible configuration and image management.
