Podman - Release 3.0.0

Podman Feb 12, 2021

Podman is the daemonless container engine, supporting rootless and rootfull containers. Today, Podman 3.0 was released. This release has several exciting features, including Docker Compose support, more networking options and security improvements. In addition, a ton of bugs were fixed, too.

Initial Support for Docker Compose

This is clearly the major feature of Podman 3.0. With the release 3.0, you will be able to run docker-compose files with podman. For now, this is limited to rootfull containers, but it is planned to be present in rootless mode, too. If everything goes well, docker-compose would not even recognize it is running with Podman. Brent Baude has already written an article here, which showcases the feature for the gitea.io compose files from the awesome-compose repository.

Secure Short Name Aliasing

One issue with pulling container images, like described in my article about Podman images can come from different registries. If the short named image "fedora" is existing in different repos, Podman will now prompt to ask where to pull from. This is also considered a security feature, since it can avoid malicious images.

Networking Features

Podman is mostly in use on Linux systems like CentOS, Fedora or Red Hat Enterprise Linux. All of them come with firewalld pre-installed, per default. In the past, reloading the firewall or restarting firewalld could cause issues and render all containers useless until restarted. Podman introduced a new command podman network reload which can be used to recover from these situations. Additionally, Podman networks are supporting labels now and podman network ls can filter for these. There is also the options to provide MTU and VLAN options via the -opt parameter for new networks.

I have planned an article about podman images and will explain the topic in much more details, soon.

Security and Bugfixes

CVE-2021-20199 was fixed with Podman 3.0. This issue can use a situation where rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts).

The developer also took care of podman generate systemd and took care of some edge cases like special characters or merged containers.

Handling Kubernetes YAML files via podman play kube has seen some improvements too and should be much more reliable.

Even More

With the introduction of podman rename, you can rename containers after they are created. Podman also supports attached volumes for podman checkpoint operations. I want to mention the initial support for Docker Volume Plugins for the podman volume create command.

There is even more, and checking the release notes is strongly recommended.

Update

As of 26th February 2021, Podman 3.0.0 is available in Fedora 33.

Conclusion

The Podman 3.0 release marks another huge milestone to replace workflows from Docker and make Podman more secure. The new networking features also improve the behavior of production machines.

Tags

Daniel Schier

Just a guy doing stuff. Mostly #FLOSS like #Linux, #Ansible, #Podman, #K8s, #Python, #Nextcloud or whatever comes next.

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.