Why Choose Podman Over Docker? Complete Guide to Features, Commands, and Setup
This article explains what Podman is, highlights its key differences from Docker—including daemon‑less and rootless operation—covers installation, configuration, common commands, image handling, volume management, and how to set up registry accelerators for efficient container workflows.
What is Podman?
Podman is an open‑source container runtime that works on most Linux platforms. It provides Docker‑compatible functionality but runs without a daemon and can operate without root privileges.
Podman can manage any OCI‑compatible container or image and offers a Docker‑compatible CLI.
Official site: https://podman.io/
Key differences between Podman and Docker
Docker requires a daemon (dockerd) that runs as root, introducing security risks.
Podman does not need a daemon and can run without root, making its architecture simpler.
Docker’s CRI implementation involves multiple daemons (dockerd → containerd → containerd‑shim → runc). Podman calls the OCI runtime (runc) directly and uses a “conmon” process similar to Docker’s containerd‑shim.
The diagram shows that Podman lacks a daemon layer, while Docker’s containerd‑shim sits in the container layer.
How Podman usage differs from Docker
Podman aims for Docker compatibility, so most commands are the same. From a system‑builder perspective the only differences are the process model and the need to adapt debugging commands (e.g., using pstree). From a user perspective the command set (run/start/kill/ps/inspect, images, login/pull/push, etc.) is identical, and an alias such as alias docker=podman can provide seamless substitution.
Common Podman commands
Containers
podman run # create and start a container
podman start # start a container
podman ps # list containers
podman stop # stop a container
podman restart # restart a container
podman attach # attach to a container
podman exec # execute a command in a container
podman export # export a container
podman import # import a container snapshot
podman rm # remove a container
podman logs # view container logs
Images
podman search # search images
podman pull # pull an image
podman images # list images
podman rmi # remove an image
podman save # export an image
podman load # import an image
podman build # build an image (Dockerfile)
podman tag # tag an image
Deployment
# yum -y install podman
Podman registry accelerators
Version 7 example (modify /etc/containers/registries.conf to use a mirror):
# vim /etc/containers/registries.conf
[registries.search]
registries = ["docker.io"]
[[docker.io]]
location = "j3m2itm3.mirror.aliyuncs.com"
Version 8 example (use unqualified-search-registries and [[registry]] sections):
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "j3m2itm3.mirror.aliyuncs.com"
Using Podman
Running a container:
# podman run -d --name httpd docker.io/library/httpd
# podman images
Listing running containers:
# podman ps
Inspecting the latest container:
# podman inspect -l | grep IPAddress
Viewing logs of the latest container:
# podman logs --latest
Viewing resource usage:
# podman top httpd
Stopping and removing a container:
# podman stop --latest
# podman rm --latest
Image upload workflow
Build, tag, login, and push an image to Docker Hub:
# podman build -t nginx .
# podman tag localhost/nginx:latest docker.io/1314444/test:latest # the image just built is stored as localhost/nginx
# podman login docker.io
# podman push docker.io/1314444/test:latest
Alias configuration
To use Docker commands with Podman, add the following line to ~/.bashrc and reload:
echo "alias docker=podman" >> ~/.bashrc
source ~/.bashrc
User configuration for rootless operation
Install crun and set it as the default OCI runtime in /etc/containers/containers.conf:
# yum -y install crun
# vi /etc/containers/containers.conf
runtime = "crun"
Install slirp4netns and fuse‑overlayfs for rootless networking and storage, and enable them in /etc/containers/storage.conf:
# yum -y install slirp4netns fuse-overlayfs
mount_program = "/usr/bin/fuse-overlayfs"
Configure UID/GID mappings in /etc/subuid and /etc/subgid for each user, e.g.:
zz:100000:65536
Adjust kernel parameters for unprivileged ports if needed:
# echo 'net.ipv4.ip_unprivileged_port_start=80' >> /etc/sysctl.conf
# sysctl -p
Volumes
When a container runs as root, files created inside the container appear as owned by root on the host. Using the --userns=keep-id flag preserves the host user’s UID/GID inside the container.
# podman run -it -v "$(pwd)"/data:/data --userns=keep-id busybox /bin/sh
Code Ape Tech Column
Former Ant Group P8 engineer, pure technologist, sharing full‑stack Java, job interview and career advice through a column. Site: java-family.cn
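An added example, not part of the original article: a POSIX shell audit of the /etc/subuid and /etc/subgid mappings that the rootless setup above relies on, checking that a user has a large enough range and that no two ranges intersect. The function names and the alice and bob entries are constructed for illustration; only zz:100000:65536 comes from the article.

```shell
#!/bin/sh
# Audit subordinate ID ranges (name:start:count) used by rootless Podman.
# Added example: function names and sample data are constructed.

# Print "start count" for USER's first range in FILE; non-zero if absent.
subid_range() {  # usage: subid_range FILE USER
  awk -F: -v u="$2" '$1 == u { print $2, $3; found = 1; exit }
                     END { exit !found }' "$1"
}

# Print each pair of entries whose ranges intersect; non-zero if any do.
# Intersecting ranges map containers of two users onto the same host IDs.
subid_overlaps() {  # usage: subid_overlaps FILE
  awk -F: 'NF == 3 && $1 !~ /^#/ {
             n++; name[n] = $1; lo[n] = $2 + 0; hi[n] = $2 + $3 - 1
           }
           END {
             for (i = 1; i <= n; i++)
               for (j = i + 1; j <= n; j++)
                 if (lo[i] <= hi[j] && lo[j] <= hi[i]) {
                   print name[i] " overlaps " name[j]; bad = 1
                 }
             exit bad + 0
           }' "$1"
}

# Pass only if USER has at least MIN ids (default 65536, the count in the
# example entry from the article) and no ranges in FILE intersect.
subid_check() {  # usage: subid_check FILE USER [MIN]
  sc_range=$(subid_range "$1" "$2") || { echo "no entry for $2"; return 1; }
  sc_count=${sc_range#* }
  [ "$sc_count" -ge "${3:-65536}" ] ||
    { echo "range for $2 too small: $sc_count"; return 1; }
  subid_overlaps "$1" || return 1
  echo "ok"
}

# Constructed sample: zz is the entry from the article; alice and bob are
# made up, and the range for bob deliberately collides with the one for alice.
sample=$(mktemp)
printf '%s\n' 'zz:100000:65536' 'alice:165536:65536' 'bob:200000:65536' > "$sample"
subid_check "$sample" zz || true      # reports the alice/bob collision
rm -f "$sample"
```

On a real host, run subid_check against both /etc/subuid and /etc/subgid for each rootless user.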
