The Key Features of Podman

Podman has a lot of advanced features, such as the support for running containers in Pods. It fully integrates with systemd, including the ability to generate unit files from containers and run systemd within a container. Podman also offers User Namespace support, including running containers without requiring root.

Podman has the ability to handle pod deployment which is a differentiator from other container runtimes. Brent Baude explains the how to in a recent blog post on the Red Hat Enable Sysadmin site, Podman: Managing pods and containers in a local container runtime.

  • Find: whether finding a container on dockerhub.io or quay.io, an internal registry server, or directly from a vendor, a couple of podman search, and podman pull commands make it easy
  • Run: it’s easy to consume pre-built images with everything needed to run an entire application, or start from a Linux distribution base image with the podman run command
  • Build: creating new layers with small tweaks, or major overhauls is easy with podman build
  • Share: Podman lets you push your newly built containers anywhere you want with a single podman push command

One of the core features of Podman is it's focus on security. There is no daemon involved in using Podman. It uses traditional fork-exec model instead and as well heavily utilizes user namespaces and network namespaces. As a result, Podman is a bit more isolated and in general more secure to use than Docker. You can even be root in a container without granting container or Podman any root privileges on the host -- and user in a container won't be able to do any root-level tasks on the host machine.

Daftar Materi