Podman: A tool for managing OCI containers and pods.
This is the first release candidate for Podman v5.0.0.
Release notes are not yet available, but will be published as part of a subsequent release candidate.
- --rootful option to podman machine set would not set the machine to use the root connection (#21195).
- euid != 0 and capabilities set (#20766).
- podman info command would crash if called multiple times when podman was running as euid=0 without CAP_SYS_ADMIN (#20908).
- podman machine commands were not relayed to the correct machine on AppleHV (#21115).
- podman machine list and podman machine inspect commands would not show the correct Last Up time on AppleHV (#21244).
- podman farm suite of commands for multi-architecture builds is now fully enabled and documented.
- podman machine did not forward the API socket to the host machine.
- podman kube play could cause Podman to panic.
- podman system reset could fail if non-Podman containers (e.g. containers created by Buildah) were present.
- podman machine VMs now default to a PID limit of unlimited, instead of 2048.
- podman kube play --replace, the pod is removed on the client side, not the server side (#20705).
- podman machine rm -f would cause a deadlock when running with WSL.
- database is locked errors with the new SQLite database backend (#20809).
- podman-remote exec would fail if the server API version is older than 4.8.0 (#20821).
- CONTAINERS_MACHINE_PROVIDER environment variable, or via containers.conf. HyperV requires PowerShell to be run as Admin. Note that running WSL and HyperV machines at the same time is not supported.
- podman build command now supports Containerfiles with heredoc syntax.
- podman login and podman logout commands now support a new option, --compat-auth-file, which allows for editing Docker-compatible config files (#18617).
- podman machine init and podman machine set commands now support a new option, --usb, which allows USB passthrough for the QEMU provider (#16707).
- --ulimit option now supports setting -1 to indicate the maximum limit allowed for the current process (#19319).
- podman play kube command now supports the BUILDAH_ISOLATION environment variable to change build isolation when the --build option is set (#20024).
- podman volume create command now supports --opt o=size=XYZ on tmpfs file systems (#20449).
- podman info command for remote calls now reports client information even if the remote connection is unreachable.
- privileged, to containers.conf, which sets the defaults for the --privileged flag when creating, running or exec'ing into a container.
- podman kube play command now supports setting DefaultMode for volumes (#19313).
- --opt option to the podman network create command now accepts a new driver-specific option, vrf, which assigns a VRF to the bridge interface.
- --rdt-class=COS has been added to the podman create and podman run commands that enables assigning a container to a Class Of Service (COS). The COS has to be pre-configured based on a pseudo-filesystem created by the resctrl kernel driver that enables interacting with the Intel RDT CAT feature.
- podman kube play command now supports a new option, --publish-all, which exposes all containerPorts on the host.
- label!=, which filters for containers without the specified label.
- containers.conf settings when creating and managing containers.
- --help option to the podman push command now shows the compression algorithm used.
- commit command now shows progress messages (#19947).
- podman kube play command now sets the pod hostname to the node/machine name when hostNetwork=true in k8s YAML (#19321).
- --tty,-t option to the podman exec command now defines the TERM environment variable even if the container is not running with a terminal (#20334).
- helper_binaries_dir option in containers.conf to look up the init binary (catatonit).
- applehv, qemu, wsl, and hyperv are no longer valid Podman machine names.
- UIDMap, GIDMap, SubUIDMap, and SubGIDMap options in .container files.
- ReadOnlyTmpfs option.
- ImageName for .image files.
- --force, to the stop command.
- oneshot service type for .kube files, which allows YAML files without containers.
- .image.
- --uts and --network options to host did not fill /etc/hostname with the host's name (#20448).
- build command would incorrectly parse https paths (#20475).
- Fixed a bug where the podman exec command would leak sessions when the specified command does not exist (#20392).
- podman history command did not display the size of certain layers (#20375).
- --restart always/on-failure would not correctly clean up the netns on restart, resulting in leaked IPs and network namespaces (#18615).
- podman top command would incorrectly parse options (#19176).
- --read-only-tmpfs option to the podman run command was incorrectly handled when the --read-only option was set (#20225).
- --filter option to the podman images command would not correctly filter IDs, digests, or intermediates (#19966).
- --replace option to the podman run command would print both the old and new container ID. Now, only the new container ID is printed.
- podman machine ls command would show Creation time as LastUp time for machines that have never been booted. Now, new machines show Never, with the JSON value being ZeroTime.
- podman build command where the default pull policy was not set to missing (#20125).
- containers.conf would lead to cleanup errors (#19938).
- podman kube play command exposed all containerPorts on the host (#17028).
- podman farm update command did not verify farm and connection existence before updating (#20080).
- --connection option while the CONTAINER_HOST environment variable was set. The active destination is not resolved with the correct priority, that is, CLI flags, env vars, ActiveService from containers.conf, RemoteURI (#15588).
- --env-host option was not honoring the default from containers.conf.