Podman
April 05, 2020
An alternative to Docker
Podman is a container engine developed by Red Hat that does not depend on a daemon, and it works with both individual containers and pods (groups of containers that share namespaces, as in Kubernetes). Podman is a command line tool built on the libpod library. Podman currently runs only on Linux; there is no native Windows or macOS client like Docker has, and there is no drop-in replacement for Docker Compose. Both Podman and Docker ultimately start containers with an OCI runtime such as runC. Where Docker hands that work to its daemon, Podman invokes the runtime directly from the user's own process (through a small monitor process, conmon, that stays with the container).
Migrating from Docker to Podman
Migrating from Docker to Podman is straightforward. The Podman command line mirrors Docker's (alias docker=podman covers most day-to-day commands), and Docker images follow the OCI image format, so Podman pulls and runs them unchanged. However, Podman stores its containers and images in a different location from Docker's /var/lib/docker: /var/lib/containers/storage when run as root, and ~/.local/share/containers/storage when run as a regular user. Images already present in the local Docker store therefore have to be pulled again or transferred, for example with docker save on one side and podman load on the other.
Usage
In order to pull an image you execute the command:
podman pull [name of image]
For an unqualified name such as nginx, Podman tries the registries listed under unqualified-search-registries in /etc/containers/registries.conf in order; on Red Hat distributions that list starts with Red Hat's own registries (registry.access.redhat.com, registry.redhat.io) and ends with docker.io, so an image that is not found on the Red Hat registries is fetched from Docker Hub. Because an unqualified name resolves to whichever registry answers first, it is safer to pull by fully qualified name (docker.io/library/nginx:1.17) or by digest, so that a registry earlier in the list cannot silently serve a different image. You can view all downloaded images with the command:
podman images
To run a container:
podman run [name of image]
To execute a command inside a running container:
podman exec -it [name of container] sh
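The pull / images / run / exec sequence above, as an added example that is not part of the original post. It uses fully qualified image references so the registry search order never decides where an image comes from; qualify_image mirrors Podman's rule for recognising an unqualified name (the part before the first slash names a registry only if it contains a dot or a colon, or is localhost). It assumes podman is installed and that docker.io/library/alpine is reachable; the container name demo is arbitrary.

```shell
#!/bin/sh
# Added example, not from the original post: pull, list, run and exec with
# fully qualified image references.  Assumes podman is installed and
# docker.io/library/alpine is reachable; "demo" is an arbitrary name.

# qualify_image <ref>: expand a short name to docker.io explicitly, the way
# the registry search order would, and add :latest when no tag or digest
# is given.  The part before the first slash names a registry only if it
# contains "." or ":" or is "localhost" (podman's own rule).
qualify_image() {
    ref=$1
    case $ref in
        */*)
            first=${ref%%/*}
            case $first in
                *.*|*:*|localhost) ;;                 # registry already given
                *) ref="docker.io/$ref" ;;            # user/repo on Docker Hub
            esac ;;
        *)  ref="docker.io/library/$ref" ;;           # official Docker Hub image
    esac
    last=${ref##*/}                                   # repo[:tag|@digest]
    case $last in
        *@*|*:*) ;;                                   # digest or tag present
        *) ref="$ref:latest" ;;
    esac
    printf '%s\n' "$ref"
}

# run_demo: the procedure from the post, end to end, non-interactively.
run_demo() {
    image=$(qualify_image alpine:3.12)   # docker.io/library/alpine:3.12
    podman pull "$image"
    podman images "$image"
    # Detached and named, with a command that keeps the container alive.
    podman run -d --name demo "$image" sleep 300
    # Non-interactive exec; from a terminal use: podman exec -it demo sh
    podman exec demo sh -c 'id; head -n 2 /etc/os-release'
    podman rm -f demo
}

# Only touch the container engine when it is actually installed.
if command -v podman >/dev/null 2>&1; then
    run_demo
fi
```

Run it on a Linux host with Podman installed; on any other machine only the name qualification is exercised. A reference with a digest (image@sha256:...) is left untouched, which is the form to prefer when the exact bytes matter.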
Security
Docker's CLI talks to the Docker daemon over a socket in a client/server model. Podman instead uses a fork/exec model: the container process is a child of the Podman process that launched it. Running Podman and its containers as a regular user rather than as root means nobody has to be granted root privileges on the host to launch containers. With Docker's client/server model you have to give the user access to the socket of a daemon running as root, and anyone who can talk to that socket can obtain root on the host (for example by starting a container with the host filesystem mounted into it). The fork/exec model also improves audit logging: a container started by Podman descends from the user's login session and keeps that user's login UID, so auditd attributes actions inside the container to the real user, whereas a container started by a daemon that came up at boot carries no login UID and its actions are attributed to the daemon.
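The two properties described above can be checked on a running container. The following script is an added example, not part of the original post or of Podman itself: classify_uid_map reads /proc/<pid>/uid_map to tell a rootless container (uid 0 inside maps to an unprivileged host uid) from plain root, loginuid_audited reads /proc/<pid>/loginuid to see whether auditd has a real user to attribute events to, and ancestors walks /proc/<pid>/stat up the process tree so you can see whether the chain contains a root-owned daemon or only processes owned by the user. The parsers take file contents as arguments and are exercised on constructed samples; check_container (assumed helper name) feeds them a live container's /proc entries when podman is installed and a container name is passed.

```shell
#!/bin/sh
# Added example, not from the original post: checks for rootless operation,
# login-UID propagation and process ancestry of a podman container.
# ROOT_MAP and ROOTLESS_MAP below are constructed samples, not captures.

# classify_uid_map <contents of /proc/<pid>/uid_map>
# Each line is "<uid inside ns> <uid outside ns> <count>".  Prints
#   host-root        identity map of the initial namespace (plain root)
#   rootless         uid 0 inside maps to a non-zero host uid
#   remapped-root    uid 0 maps to host uid 0 inside a child namespace
#   no-root-mapping  uid 0 is not mapped at all (cannot be root inside)
classify_uid_map() {
    printf '%s\n' "$1" | awk '
        $1 == 0 && $2 == 0 && $3 == 4294967295 { print "host-root"; found = 1; exit }
        $1 == 0 && $2 != 0                     { print "rootless"; found = 1; exit }
        $1 == 0                                { print "remapped-root"; found = 1; exit }
        END { if (!found) print "no-root-mapping" }'
}

# loginuid_audited <contents of /proc/<pid>/loginuid>
# 4294967295 ((uid_t)-1) means no login UID was ever set, which is what a
# container launched by a boot-time daemon inherits.  Succeeds only when a
# real login UID is present.
loginuid_audited() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" != 4294967295 ]
}

# ancestors <pid>: command name and owner uid of <pid> and each parent up
# to (not including) pid 1, one per line, from /proc/<pid>/stat and status.
# For a daemon-started container a root-owned engine appears in the chain;
# for a rootless podman container every entry is owned by the user.
ancestors() {
    pid=$1
    while [ "$pid" -gt 1 ] 2>/dev/null && [ -r "/proc/$pid/stat" ]; do
        stat=$(cat "/proc/$pid/stat")
        comm=${stat#*"("}; comm=${comm%")"*}            # field 2, may contain spaces
        uid=$(awk '/^Uid:/ { print $2 }' "/proc/$pid/status" 2>/dev/null || echo '?')
        printf '%s(uid=%s)\n' "$comm" "$uid"
        set -- ${stat##*") "}                           # fields 3..: state ppid ...
        pid=$2
    done
}

# check_container <name>: run the checks against a live container (assumed
# helper name; uses podman inspect to find the container's host pid).
check_container() {
    pid=$(podman inspect --format '{{.State.Pid}}' "$1") || return 1
    echo "uid_map:   $(classify_uid_map "$(cat "/proc/$pid/uid_map")")"
    echo "loginuid:  $(cat "/proc/$pid/loginuid")"
    echo "ancestors: $(ancestors "$pid" | tr '\n' ' ')"
}

# Constructed samples (not captured from a real system).
ROOT_MAP='         0          0 4294967295'
ROOTLESS_MAP='         0       1000          1
         1     100000      65536'

if [ $# -gt 0 ] && command -v podman >/dev/null 2>&1; then
    check_container "$1"
fi
```

Invoke it as ./check.sh <container> on the host where the container runs. A rootless container reports rootless, a login UID equal to the invoking user, and an ancestry owned entirely by that user; a container started as root without a user namespace reports host-root, which is the case in which a container escape yields real root on the host.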