Podman is a daemonless container engine developed by Red Hat as an alternative to Docker. Unlike Docker, which runs a central daemon as root, Podman launches containers directly as child processes of the invoking user, with no always-running service. Removing the long-lived privileged daemon removes a single high-value process to compromise, and the plain child-process model makes Podman containers straightforward to supervise as systemd services.
Podman's CLI is deliberately Docker-compatible: alias docker=podman works for most commands. Images, Dockerfiles, and registries are compatible with Docker's because both projects conform to the OCI (Open Container Initiative) standards.
podman run -it --rm alpine sh
podman ps
podman build -t myapp .
podman pod create -p 8080:80 webpod # pods (like k8s)
podman generate systemd --new myapp # create a systemd unit
podman auto-update # pull and restart on new images
A distinctive feature is rootless mode: ordinary users can run containers without root at all, using user namespaces to map the container's root to their own UID. This is a significant security improvement over Docker's default, and one reason Fedora, RHEL, and other Red Hat distributions ship Podman as the default. For day-to-day development, the experience is largely indistinguishable from Docker.
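To make the user-namespace mapping concrete, here is an added shell example (not part of the original entry and not Podman's own code) that reads a uid_map in the format the kernel exposes at /proc/<pid>/uid_map and reports which host UID a given container UID lands on, and whether the map is rootless. The two sample maps are constructed: the rootless one assumes a host user with UID 1000 and a subuid range of 100000-165535, which is the shape rootless Podman normally produces.

```sh
#!/bin/sh
# Added example (not Podman's code): interpret /proc/<pid>/uid_map to see
# where a container's UIDs land on the host. Each line of the map reads:
#   <first UID inside the namespace> <first UID on the host> <count>

# Constructed sample for a rootless container: the owner's host UID (1000,
# assumed) becomes root inside, and a subuid range (100000-165535, assumed)
# supplies container UIDs 1-65536.
SAMPLE_UID_MAP='         0       1000          1
         1     100000      65536'

# Constructed sample for a rootful container: the identity map seen when no
# user namespace separates container root from host root.
ROOTFUL_UID_MAP='         0          0 4294967295'

# map_uid MAP CONTAINER_UID: print the host UID that CONTAINER_UID maps to,
# or "unmapped" if no line of the map covers it.
map_uid() {
    printf '%s\n' "$1" | awk -v t="$2" '
        BEGIN { t = t + 0; found = 0 }
        NF == 3 && t >= $1 && t < $1 + $3 {
            print $2 + (t - $1); found = 1; exit
        }
        END { if (!found) print "unmapped" }'
}

# is_rootless_map MAP: succeed if UID 0 inside the container maps to a
# non-zero host UID, i.e. "root" in the container is unprivileged on the host.
is_rootless_map() {
    host_root=$(map_uid "$1" 0)
    [ "$host_root" != "unmapped" ] && [ "$host_root" -ne 0 ]
}

# Demonstration on the constructed samples.
for uid in 0 1 65536 65537; do
    printf 'container UID %-6s -> host UID %s\n' "$uid" "$(map_uid "$SAMPLE_UID_MAP" "$uid")"
done
if is_rootless_map "$SAMPLE_UID_MAP"; then echo "sample map: rootless"; fi
if ! is_rootless_map "$ROOTFUL_UID_MAP"; then echo "rootful map: container root is host root"; fi
```

On a live host, feed the functions a real map instead of the constructed one: podman unshare cat /proc/self/uid_map prints the user namespace rootless Podman sets up for the invoking user, and cat /proc/$(podman inspect -f '{{.State.Pid}}' CONTAINER)/uid_map shows the map of a running container. A first line whose second field is non-zero is the check that a compromise of "root" inside the container does not hand the attacker root on the host.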
Discussed in:
- Chapter 17: Containers and Virtualisation — The OCI Standard
Also defined in: Textbook of Linux