Podman - Release 3.0.0
Podman is the daemonless container engine, supporting rootless and rootfull containers. Today, Podman 3.0 was released. This release has several exciting features, including Docker Compose support, more networking options and security improvements. In addition, a ton of bugs were fixed, too.
Initial Support for Docker Compose
This is clearly the major feature of Podman 3.0. With the release 3.0, you will be able to run docker-compose files with podman. For now, this is limited to rootfull containers, but it is planned to be present in rootless mode, too. If everything goes well, docker-compose would not even recognize it is running with Podman. Brent Baude has already written an article here, which showcases the feature for the gitea.io compose files from the awesome-compose repository.
Secure Short Name Aliasing
One issue with pulling container images, like described in my article about Podman images can come from different registries. If the short named image "fedora" is existing in different repos, Podman will now prompt to ask where to pull from. This is also considered a security feature, since it can avoid malicious images.
Podman is mostly in use on Linux systems like CentOS, Fedora or Red Hat Enterprise Linux. All of them come with firewalld pre-installed, per default. In the past, reloading the firewall or restarting firewalld could cause issues and render all containers useless until restarted. Podman introduced a new command
podman network reload which can be used to recover from these situations. Additionally, Podman networks are supporting labels now and
podman network ls can filter for these. There is also the options to provide MTU and VLAN options via the
-opt parameter for new networks.
I have planned an article about podman images and will explain the topic in much more details, soon.
Security and Bugfixes
CVE-2021-20199 was fixed with Podman 3.0. This issue can use a situation where rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts).
The developer also took care of
podman generate systemd and took care of some edge cases like special characters or merged containers.
Handling Kubernetes YAML files via
podman play kube has seen some improvements too and should be much more reliable.
With the introduction of
podman rename, you can rename containers after they are created. Podman also supports attached volumes for
podman checkpoint operations. I want to mention the initial support for Docker Volume Plugins for the
podman volume create command.
There is even more, and checking the release notes is strongly recommended.
As of 26th February 2021, Podman 3.0.0 is available in Fedora 33.
The Podman 3.0 release marks another huge milestone to replace workflows from Docker and make Podman more secure. The new networking features also improve the behavior of production machines.