podman Command
Intermediate Containers man(1)
Daemonless rootless container management tool
Updated: Mar 16, 2026
SYNTAX
podman [OPTIONS] COMMAND [ARG...]
What Does podman Do?
The podman command is a next-generation container engine that manages OCI containers without requiring a daemon or root privileges. Developed by Red Hat, Podman provides a Docker-compatible CLI while offering superior security through its rootless-first, daemonless architecture.
Unlike Docker, which relies on a long-running dockerd daemon with root privileges, Podman runs each container as a direct child process of the user. This eliminates the single point of failure risk and reduces the attack surface significantly. Podman is the default container engine on RHEL 8+, Fedora, CentOS Stream, and AlmaLinux.
Podman introduces native pod support: the ability to group multiple containers sharing the same network namespace, directly mirroring the Kubernetes pod concept. This makes Podman an excellent tool for local Kubernetes development, as you can generate Kubernetes YAML from running pods and vice versa.
The Podman ecosystem includes Buildah (for building images without a Dockerfile), Skopeo (for inspecting and copying images between registries), and Quadlet (for running containers as systemd services). Together, they provide a complete, daemonless container management solution.
Options & Flags
| Option | Description | Example |
|---|---|---|
| run | Create and start a container (rootless by default) | podman run -d --name web -p 8080:80 nginx:alpine |
| pod create | Create a new pod (shared network namespace) | podman pod create --name webapp -p 8080:80 |
| generate kube | Generate Kubernetes YAML from a pod/container | podman generate kube webapp > webapp.yaml |
| play kube | Deploy containers from Kubernetes YAML | podman play kube webapp.yaml |
| generate systemd | Generate systemd unit files for a container | podman generate systemd --name web --files --new |
| build | Build an image using Buildah backend | podman build -t myapp:latest . |
| ps | List containers (-a for all, --pod for pod info) | podman ps -a --pod |
| exec | Execute command inside running container | podman exec -it web sh |
| auto-update | Automatically update container images | podman auto-update |
| machine init/start | Initialize and start Podman VM on macOS/Windows | podman machine init && podman machine start |
Practical Examples
#1 Run rootless container
Run a container as your regular user without sudo. Rootless by default: no daemon, no root privileges.
$ podman run -d --name myapp -p 8080:80 nginx:alpine
#2 Create and use a pod
Create a pod and add web + database containers sharing the same network namespace (localhost communication).
$ podman pod create --name webapp -p 8080:80 -p 5432:5432 && podman run -d --pod webapp --name web nginx:alpine && podman run -d --pod webapp --name db postgres:16-alpine
#3 Generate Kubernetes YAML
Export a running pod as Kubernetes-compatible YAML. Deploy to K8s with kubectl apply -f webapp.yaml.
$ podman generate kube webapp > webapp.yaml
#4 Run container as systemd service
Generate a systemd unit file and install it as a user service. Container auto-starts on boot.
$ podman generate systemd --name web --files --new && mkdir -p ~/.config/systemd/user && cp container-web.service ~/.config/systemd/user/ && systemctl --user daemon-reload && systemctl --user enable --now container-web
#5 Use Docker Compose with Podman
Enable the Podman socket for Docker API compatibility. Docker Compose works transparently.
$ systemctl --user enable --now podman.socket && export DOCKER_HOST=unix:///run/user/$(id -u)/podman/podman.sock && docker compose up -d
#6 Inspect container processes
Show processes running inside a container with their PID, user, and command, similar to ps for containers.
$ podman top web pid user comm
#7 Mount container filesystem
Mount a container filesystem on the host for inspection or file extraction without starting it. In rootless mode, run these commands inside a podman unshare session.
$ mnt=$(podman mount mycontainer) && ls "$mnt/etc/" && podman unmount mycontainer
#8 Diff container changes
Show filesystem changes made inside a container since it was created (added, changed, deleted files).
$ podman diff web
Tips & Best Practices
alias docker=podman: Podman is CLI-compatible with Docker. Add alias docker=podman to your .bashrc for seamless migration. Most Docker commands work identically.
Rootless ports below 1024: Rootless containers cannot bind to ports below 1024 by default. Fix with: sysctl net.ipv4.ip_unprivileged_port_start=80 (set as root; it lowers the limit for every unprivileged process on the host) or use port mapping like -p 8080:80.
Storage location differs: Rootless Podman stores images in ~/.local/share/containers/ (not /var/lib/docker). Root and rootless have completely separate image stores.
Use Quadlet for production services: Instead of generate systemd, use Quadlet .container files in /etc/containers/systemd/ for a cleaner, more maintainable systemd integration.
Multi-registry support: Configure /etc/containers/registries.conf to search multiple registries (Docker Hub, Quay, GHCR) automatically.
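The Quadlet tip above, as an added example that is not part of the original page: the web container from the Options table written as a per-user Quadlet unit. The file name web.container, the helper write_web_quadlet and the rootless directory ~/.config/containers/systemd/ (the per-user counterpart of /etc/containers/systemd/) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): the "web" nginx container
# expressed as a rootless Quadlet unit instead of `podman generate systemd`.
# Assumption: per-user Quadlet files live in ~/.config/containers/systemd/.
QUADLET_DIR="${XDG_CONFIG_HOME:-$HOME/.config}/containers/systemd"

# Write web.container into $1 (default: the per-user Quadlet directory)
# and print the path of the file that was written.
write_web_quadlet() {
    dir="${1:-$QUADLET_DIR}"
    mkdir -p "$dir"
    cat > "$dir/web.container" <<'EOF'
[Unit]
Description=nginx in a rootless Podman container

[Container]
ContainerName=web
# Fully qualified image name: required by AutoUpdate=registry
Image=docker.io/library/nginx:alpine
PublishPort=8080:80
# Lets `podman auto-update` pull a newer image and restart the unit
AutoUpdate=registry

[Service]
Restart=always

[Install]
# Start together with the user's systemd instance
WantedBy=default.target
EOF
    printf '%s\n' "$dir/web.container"
}

# Usage: sh web-quadlet.sh install
if [ "${1:-}" = "install" ]; then
    write_web_quadlet
    systemctl --user daemon-reload       # Quadlet generates web.service here
    systemctl --user start web.service   # generated units are started, not enabled
fi
```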
Frequently Asked Questions
What is the difference between Podman and Docker?
Podman is daemonless (no long-running root process), rootless by default, and supports native pods. Docker uses a daemon (dockerd) and requires root. Podman is CLI-compatible: most docker commands work with podman.
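To check the rootless property on a running container, the podman top command from example #6 can also report the host-side user of each process through its huser descriptor. The script below is an added example, not part of the original page; the function names and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): confirm that no process in a
# container maps to root on the host. `huser` is the podman-top descriptor
# for the host-side user; `user` is the user as seen inside the container.

# Read `podman top <ctr> user huser comm` output on stdin and print every
# process row whose host user is root (name or UID 0).
flag_host_root() {
    awk '
        NR == 1 {                         # find the HUSER column by header name
            for (i = 1; i <= NF; i++) if ($i == "HUSER") col = i
            next
        }
        col && ($col == "root" || $col == "0")
    '
}

# Live use against a running container (needs podman; not run by the demo).
audit_container() {
    podman top "$1" user huser comm | flag_host_root
}

# Constructed sample: rootless container started by a user named "alice".
ROOTLESS_SAMPLE='USER        HUSER       COMMAND
root        alice       nginx
nginx       100100      nginx'

# Constructed sample: the same image started with sudo (rootful).
ROOTFUL_SAMPLE='USER        HUSER       COMMAND
root        root        nginx
nginx       101         nginx'

report() {   # $1 = label, $2 = podman top output
    hits=$(printf '%s\n' "$2" | flag_host_root)
    if [ -n "$hits" ]; then
        printf '%s: processes running as host root:\n%s\n' "$1" "$hits"
    else
        printf '%s: no process maps to root on the host\n' "$1"
    fi
}

report rootless "$ROOTLESS_SAMPLE"
report rootful  "$ROOTFUL_SAMPLE"
```

Container root appearing as an ordinary host user in the HUSER column is what rootless mode looks like from the host; a row with root in that column means the container was started by root.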
Can I use Docker Compose with Podman?
Yes. Enable the Podman socket (systemctl --user enable --now podman.socket) and set DOCKER_HOST. Docker Compose works transparently. Or use podman-compose as an alternative.
How do I run Podman on macOS or Windows?
Use podman machine: podman machine init && podman machine start. This creates a lightweight Linux VM that runs Podman. Available via Homebrew (macOS) or the official installer (Windows).
What are Podman pods?
Pods group containers that share the same network namespace: they communicate via localhost, share the same IP, and are managed together. This mirrors the Kubernetes pod concept.
Is Podman production-ready?
Yes. Podman is the default container engine on RHEL 8+ and is used in enterprise production. Red Hat OpenShift relies on CRI-O, a container runtime that shares code with Podman.