Podman 1.0: daemonless and rootless container engine

Podman 1.0 (January 2019) by Red Hat: container engine with Docker-compatible CLI, daemonless architecture, rootless support, Kubernetes-style pods. Part of the buildah + skopeo ecosystem for Linux container management.


A container engine without a daemon

Docker is built around a privileged daemon (dockerd) handling all operations. This architecture has two perceived issues:

  • Single point of failure — if the daemon crashes, all containers go down
  • Privilege model — the daemon runs as root; whoever can talk to the Docker socket has root privileges

Podman (from 2018) responds with a daemonless architecture: every podman command is an independent process that uses runc/crun directly, without persistent intermediaries. Developed by Red Hat under Apache 2.0, Podman reached stable version 1.0 on 14 January 2019.

Docker-compatible CLI

Podman mimics the Docker CLI: podman run, podman build, podman pull and podman push work like their Docker counterparts. With alias docker=podman set, many existing scripts run unchanged.

Compatibility is not complete: Podman does not natively support docker-compose (there is the third-party podman-compose, and later podman play kube for K8s-style YAML).

Rootless

Podman supports rootless mode natively: a non-root user can run containers without sudo. It uses user namespaces and subuid/subgid for ID mapping. Advantages:

  • Reduced attack surface
  • Easier multi-tenancy
  • Compatibility with HPC environments (where users are not root)

Docker added rootless support later (Docker 20.10, 2020), partly driven by Podman.
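
An added example, not from the original page or from Podman's code: the subuid-based ID mapping described above, modeled in Python. The /etc/subuid entries are constructed, the function names are hypothetical, and the layout (container UID 0 mapped to the invoking user, higher UIDs to that user's subordinate range) is the assumed default rootless mapping. It also flags overlapping ranges between users, which would weaken the multi-tenancy separation.

```python
from typing import NamedTuple
# Constructed sample in /etc/subuid format (name:start:count); not from a real host.
SAMPLE_SUBUID = """\
alice:100000:65536
bob:165536:65536
carol:150000:65536
"""

class Range(NamedTuple):
    user: str
    start: int
    count: int

def parse_subuid(text):
    """Parse name:start:count lines, skipping blanks and comments."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            user, start, count = line.split(":")
            ranges.append(Range(user, int(start), int(count)))
    return ranges

def build_uid_map(host_uid, ranges, user):
    """Rows of (container_start, host_start, length), as in /proc/<pid>/uid_map."""
    # Assumed default rootless layout: container 0 = invoking user, 1..N = subuid ranges.
    rows, next_cid = [(0, host_uid, 1)], 1
    for r in (r for r in ranges if r.user == user):
        rows.append((next_cid, r.start, r.count))
        next_cid += r.count
    return rows

def to_host_uid(uid_map, container_uid):
    """Translate a container UID to a host UID; None means unmapped."""
    for cstart, hstart, length in uid_map:
        if cstart <= container_uid < cstart + length:
            return hstart + (container_uid - cstart)
    return None

def overlapping(ranges):
    """Pairs of different users whose subordinate ranges intersect."""
    found, ordered = [], sorted(ranges, key=lambda r: r.start)
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.start >= a.start + a.count:
                break  # sorted by start, so nothing later can intersect a
            if a.user != b.user:
                found.append((a.user, b.user))
    return found
```

With the sample data and alice as host UID 1000, root inside the container resolves to the unprivileged host UID 1000, and carol's range is reported as overlapping both alice's and bob's.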

Pods

Podman introduces the pod concept: a group of containers sharing a network namespace, analogous to Kubernetes pods. The podman pod create command creates a pod, then containers are added with podman run --pod <pod-name>. This allows local prototyping of K8s-like configurations.

Buildah and Skopeo

Podman is part of a Red Hat ecosystem:

  • Buildah — OCI image build without daemon, script-friendly, more flexible than docker build
  • Skopeo — OCI image inspection, copy, signing between registries without local pull
  • CRI-O — K8s-native runtime (same team, covered elsewhere)

Together they form Red Hat’s “container-tools” stack, complementary to Docker but with a different architecture.

Adoption

  • Red Hat Enterprise Linux 8 (2019) — Podman as default, Docker removed
  • Fedora 31+ — Podman as default
  • OpenShift 4 — buildah + CRI-O as building/running stack
  • GitLab CI runners — Podman option

In the Italian context

Italian adoption:

  • RHEL-based companies — automatic with RHEL 8+ upgrade
  • Public administration (PA) — OpenShift adoption brings Podman
  • Local development — alternative to Docker Desktop for enterprise scenarios

References: Podman 1.0 (14 January 2019). Red Hat. Apache 2.0 licence. Ecosystem components: Buildah (image build), Skopeo (image management), CRI-O (K8s runtime). Rootless mode. Docker CLI compatibility. RHEL 8, Fedora 31+ default.
