buildah Command
Advanced Containers man(1)Build OCI container images without a daemon
📅 Updated: Mar 16, 2026
SYNTAX
buildah [OPTIONS] COMMAND [ARG...]
What Does buildah Do?
The buildah command builds OCI and Docker container images without requiring a running daemon. Part of the Podman container ecosystem developed by Red Hat, Buildah provides fine-grained control over the image build process — either using standard Dockerfiles or through scripted builds that manipulate container layers directly.
Buildah is particularly valuable in CI/CD pipelines where running a Docker daemon is impractical or a security concern. It can build images as a regular user (rootless), does not require any long-running background process, and produces images compatible with Docker, Podman, Kubernetes, and any OCI-compliant runtime.
While podman build uses Buildah internally for Dockerfile-based builds, the buildah CLI adds unique capabilities: scripted builds without Dockerfiles, mounting container filesystems on the host, fine-grained layer control, and the ability to build from scratch (empty) images. This makes Buildah ideal for creating minimal, optimized container images for production.
Buildah is particularly valuable in CI/CD pipelines where running a Docker daemon is impractical or a security concern. It can build images as a regular user (rootless), does not require any long-running background process, and produces images compatible with Docker, Podman, Kubernetes, and any OCI-compliant runtime.
While podman build uses Buildah internally for Dockerfile-based builds, the buildah CLI adds unique capabilities: scripted builds without Dockerfiles, mounting container filesystems on the host, fine-grained layer control, and the ability to build from scratch (empty) images. This makes Buildah ideal for creating minimal, optimized container images for production.
Options & Flags
| Option | Description | Example |
|---|---|---|
| from | Create a working container from a base image | buildah from alpine:3.19 |
| run | Run a command inside the working container | buildah run $ctr apk add --no-cache python3 |
| copy | Copy files into the working container | buildah copy $ctr ./app /app |
| config | Set image configuration (CMD, ENV, EXPOSE, etc.) | buildah config --cmd "python3 /app/main.py" $ctr |
| commit | Create an image from a working container | buildah commit $ctr myapp:latest |
| bud (build-using-dockerfile) | Build image from Dockerfile | buildah bud -t myapp:latest . |
| mount | Mount working container filesystem on host | mnt=$(buildah mount $ctr) |
| unmount | Unmount a working container filesystem | buildah unmount $ctr |
| images | List locally stored images | buildah images |
| rm | Remove a working container | buildah rm $ctr |
Practical Examples
#1 Scripted build (no Dockerfile)
Build an image step-by-step using shell commands. Each command gives you full control over the layer.
$ ctr=$(buildah from alpine:3.19) && buildah run $ctr apk add --no-cache python3 pip && buildah copy $ctr ./app /app && buildah config --cmd "python3 /app/main.py" --port 8080 $ctr && buildah commit $ctr myapp:latest#2 Build from Dockerfile
Standard Dockerfile build with layer caching and multi-stage target. Compatible with docker build.
$ buildah bud -t myapp:v1.0 --layers --target production .#3 Build from scratch (empty image)
Create a minimal image from scratch containing only your static binary. Smallest possible image size.
$ ctr=$(buildah from scratch) && mnt=$(buildah mount $ctr) && cp mybinary $mnt/ && buildah config --cmd "/mybinary" $ctr && buildah commit $ctr minimal:latest#4 Mount and inspect filesystem
Mount a container filesystem on the host for inspection, file copying, or debugging.
$ ctr=$(buildah from nginx:alpine) && mnt=$(buildah mount $ctr) && ls $mnt/etc/nginx/ && buildah unmount $ctr && buildah rm $ctr#5 Push to registry
Push a locally built image to Docker Hub. Supports any OCI-compatible registry.
$ buildah push myapp:latest docker://docker.io/myuser/myapp:latest#6 Multi-architecture build
Build a multi-architecture manifest list for both AMD64 and ARM64 platforms.
$ buildah build --platform linux/amd64,linux/arm64 --manifest myapp:latest .Tips & Best Practices
Rootless builds in CI/CD: Buildah builds images without a daemon or root privileges — perfect for CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins) where running dockerd is impractical.
podman build uses Buildah: podman build is a wrapper around Buildah for Dockerfile builds. Use buildah directly when you need scripted builds, filesystem mounting, or building from scratch.
Working containers are temporary: Working containers created with buildah from are temporary. Always commit (buildah commit) before removing them, or your work is lost.
Use --layers for caching: Use buildah bud --layers to enable layer caching during Dockerfile builds. This dramatically speeds up rebuilds when only later layers change.
Frequently Asked Questions
What is the difference between Buildah and Docker build?
Buildah is daemonless and rootless — it does not require a running daemon. It supports both Dockerfile and scripted builds. Docker build requires the Docker daemon. Buildah produces identical OCI images.
Can I use Buildah with Kubernetes?
Yes. Images built with Buildah are OCI-compliant and work with any container runtime including containerd and CRI-O used by Kubernetes.
How do I build from scratch with Buildah?
Use buildah from scratch to start with a completely empty image. Mount it, copy in your static binary, set the CMD, and commit. This creates the smallest possible image.
Is Buildah compatible with Dockerfiles?
Yes. buildah bud (build-using-dockerfile) processes standard Dockerfiles including multi-stage builds, ARG, FROM, COPY, RUN, and all other Dockerfile instructions.
Related Commands
More Containers Commands
Master Linux with Professional eBooks
Curated IT eBooks covering Linux, DevOps, Cloud, and more
Browse Books →