Releases: containers/podman

v4.3.0-RC1

26 Sep 20:32
v4.3.0-rc1
Pre-release

This is the first release candidate for Podman v4.3.0. Full release notes are not available, and will be compiled as part of the release.

v4.2.1

07 Sep 13:07
v4.2.1

Features

  • Added support for Sigstore signatures (sigstoreSigned) to the podman image trust set and podman image trust show commands.
  • The podman image trust show command now recognizes new lookaside field names.
  • The podman image trust show command now recognizes keyPaths in signedBy entries.

Changes

  • BREAKING CHANGE: podman image trust show may now show multiple entries for the same scope, to better represent separate requirements. GPG IDs on a single row now always represent alternative keys, only one of which is required; if multiple sets of keys are required, each is represented by a single line.
  • The podman generate kube command no longer adds the bind-mount-options annotation to generated Service YAML (#15208).

Bugfixes

  • Fixed a bug where Podman could deadlock when using podman kill to send signals to containers (#15492).
  • Fixed a bug where the podman image trust set command would silently discard unknown fields.
  • Fixed a bug where the podman image trust show command would not show signature enforcement configuration for the default scope.
  • Fixed a bug where the podman image trust show command would silently ignore multiple kinds of requirements in a single scope.
  • Fixed a bug where a typo in the [email protected] unit file would cause warnings when running systemctl status on the unit.
  • Fixed a bug where the --compress option to podman image save was incorrectly allowed with the oci-dir format.
  • Fixed a bug where the podman container clone command did not properly clone environment variables (#15242).
  • Fixed a bug where Podman would not accept environment variables with whitespace in their keys (#15251).
  • Fixed a bug where Podman would not accept file paths containing the : character, preventing some commands from being used with podman machine on Windows (#15247).
  • Fixed a bug where the podman top command would report new capabilities as unknown.
  • Fixed a bug where running Podman in a container could cause fatal errors about an inability to create cgroups (#15498).
  • Fixed a bug where the podman generate kube command could generate incorrect YAML when the bind-mount-options annotation was used (#15170).
  • Fixed a bug where generated container names were deterministic, instead of random (#15569).
  • Fixed a bug where the podman events command would not work with custom --format specifiers (#15648).

API

  • Fixed a bug where the Compat List endpoint for Containers did not sort the HostConfig.Binds field as Docker does.
  • Fixed a bug where the Compat List endpoint for Containers sent the name (instead of ID) of the image the container was based on.
  • Fixed a bug where the Compat Connect endpoint for Networks would return an error (instead of 200) when attempting to connect a container to a network it was already connected to (#15499).
  • Fixed a bug where the Compat Events endpoint set an incorrect status for image removal events (remove instead of delete) (#15485).

v4.2.0

11 Aug 00:45
v4.2.0

Podman Desktop

As part of our work to better integrate Podman into macOS and Windows, we have also been working on a new project, Podman Desktop, which provides a GUI to help developers interact with Podman. Podman Desktop is still in its early days, but already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure Podman settings (proxies).

Features

  • Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
  • A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod (#12843).
  • A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins (#14207).
  • A new command has been added, podman machine info, which displays information about the host and the versions of various machine components.
  • Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, [email protected] - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.
  • The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups settings from the Kubernetes pod's security context.
  • The podman play kube command now supports volumes with the BlockDevice and CharDevice types (#13951).
  • The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto (#7504).
  • The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.
  • Pods now include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube (#13464).
  • The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.
  • The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) (#13422).
  • The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).
  • The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.
  • The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
  • The podman create and podman run commands now include the -c short option for the --cpu-shares option.
  • The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).
  • The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.
  • The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context.
  • The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231).
  • The podman machine init command on Windows now fetches an image with packages pre-installed (#14698).
  • Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).
  • The default for the --image-volume option to podman run and podman create can now be set through the image_volume_mode setting in containers.conf (#14230).
  • Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).
  • The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
  • Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458).
  • The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583).
  • When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.
  • The remote Podman client's podman push command now supports the --remove-signatures option (#14558).
  • The remote Podman client now supports the podman image scp command.
  • The podman image scp command now supports tagging the transferred image with a new name.
  • The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595).
  • The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.
  • The podman events command now includes the -f short option for the --filter option.
  • The podman pull command now includes the -a short option for the --all-tags option.
  • The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).
  • The Podman global option --url now has two aliases: -H and --host.
  • The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.
  • Added the ability to create sigstore signatures in podman push and podman manifest push.
  • Added an option to read image signing passphrase from a file.

Changes

  • Paused containers can now be killed with the podman kill command.
  • The podman system prune command now removes unused networks.
  • The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman.
  • If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577).
  • The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148).
  • All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless.
  • The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers.
  • Init containers created with podman play kube now default to the once type (#14877).
  • Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048).
  • The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion.
  • The libpod/common package has been removed as it's not used anywhere.
  • The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233).

Bugfixes

  • Fixed a bug where bind-mounting /dev into a container which used the --init flag would cause the container to fail to start ([#14251...

v4.2.0-rc3

05 Aug 17:37
v4.2.0-rc3
Pre-release

Features

  • Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
  • A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod (#12843).
  • A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins (#14207).
  • A new command has been added, podman machine info, which displays information about the host and the versions of various machine components.
  • Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, [email protected] - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.
  • The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups settings from the Kubernetes pod's security context.
  • The podman play kube command now supports volumes with the BlockDevice and CharDevice types (#13951).
  • The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto (#7504).
  • The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.
  • Pods now include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube (#13464).
  • The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.
  • The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) (#13422).
  • The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).
  • The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.
  • The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
  • The podman create and podman run commands now include the -c short option for the --cpu-shares option.
  • The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).
  • The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.
  • The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context.
  • The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231).
  • The podman machine init command on Windows now fetches an image with packages pre-installed (#14698).
  • Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).
  • The default for the --image-volume option to podman run and podman create can now be set through the image_volume_mode setting in containers.conf (#14230).
  • Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).
  • The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
  • Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458).
  • The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583).
  • When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.
  • The remote Podman client's podman push command now supports the --remove-signatures option (#14558).
  • The remote Podman client now supports the podman image scp command.
  • The podman image scp command now supports tagging the transferred image with a new name.
  • The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595).
  • The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.
  • The podman events command now includes the -f short option for the --filter option.
  • The podman pull command now includes the -a short option for the --all-tags option.
  • The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).
  • The Podman global option --url now has two aliases: -H and --host.
  • The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.
  • Added the ability to create sigstore signatures in podman push and podman manifest push.
  • Added an option to read image signing passphrase from a file.

Changes

  • Paused containers can now be killed with the podman kill command.
  • The podman system prune command now removes unused networks.
  • The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman.
  • If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577).
  • The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148).
  • All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless.
  • The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers.
  • Init containers created with podman play kube now default to the once type (#14877).
  • Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048).
  • The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion.
  • The libpod/common package has been removed as it's not used anywhere.

Bugfixes

  • Fixed a bug where bind-mounting /dev into a container which used the --init flag would cause the container to fail to start (#14251).
  • Fixed a bug where the podman image mount command would not pretty-print its output when multiple images were mounted.
  • Fixed a bug where the podman volume import command would print an unrelated error when attempting to import into a nonexistent volume (#14411).
  • Fixed a bug where the podman system reset command could race against other Podman commands (#9075).
  • Fixed a bug where privileged containers were not able to restart if the layout of host devices changed ([#13899](#1...

v4.2.0-RC2

27 Jul 16:28
v4.2.0-rc2
Pre-release

This is the second release candidate for Podman v4.2.0. We expect a further RC next week, and a final release a week later. Preliminary release notes are attached.

Features

  • Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
  • A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod (#12843).
  • A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins (#14207).
  • A new command has been added, podman machine info, which displays information about the host and the versions of various machine components.
  • Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, [email protected] - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.
  • The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups settings from the Kubernetes pod's security context.
  • The podman play kube command now supports volumes with the BlockDevice and CharDevice types (#13951).
  • The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto (#7504).
  • The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.
  • Pods now include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube (#13464).
  • The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.
  • The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) (#13422).
  • The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).
  • The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.
  • The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
  • The podman create and podman run commands now include the -c short option for the --cpu-shares option.
  • The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).
  • The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.
  • The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context.
  • The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231).
  • The podman machine init command on Windows now fetches an image with packages pre-installed (#14698).
  • Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).
  • The default for the --image-volume option to podman run and podman create can now be set through the image_volume_mode setting in containers.conf (#14230).
  • Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).
  • The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
  • Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458).
  • The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583).
  • When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.
  • The remote Podman client's podman push command now supports the --remove-signatures option (#14558).
  • The remote Podman client now supports the podman image scp command.
  • The podman image scp command now supports tagging the transferred image with a new name.
  • The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595).
  • The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.
  • The podman events command now includes the -f short option for the --filter option.
  • The podman pull command now includes the -a short option for the --all-tags option.
  • The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).
  • The Podman global option --url now has two aliases: -H and --host.
  • The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.

Changes

  • Paused containers can now be killed with the podman kill command.
  • The podman system prune command now removes unused networks.
  • The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman.
  • If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577).
  • The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148).
  • All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless.
  • The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers.
  • Init containers created with podman play kube now default to the once type (#14877).
  • Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048).
  • The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion.

Bugfixes

  • Fixed a bug where bind-mounting /dev into a container which used the --init flag would cause the container to fail to start (#14251).
  • Fixed a bug where the podman image mount command would not pretty-print its output when multiple images were mounted.
  • Fixed a bug where the podman volume import command would print an unrelated error when attempting to import into a nonexistent volume (#14411).
  • Fixed a bug where the podman system reset command could race against other Podman commands (#9075).
  • Fixed a bug where privileged containers were not able to restart if the layout of host devices changed (#13899).
  • Fixed a bug where the podman cp command would overwrite ...

v4.2.0-RC1

14 Jul 14:40
v4.2.0-rc1
Pre-release

This is the first release candidate of Podman v4.2.0. Full release notes are not available at present, but will be for the next RC (expected Monday, July 18, 2022).

v4.1.1

15 Jun 13:14
v4.1.1

Features

  • Podman machine events are now supported on Windows.

Changes

  • The output of the podman load command now mirrors that of docker load.

Bugfixes

  • Fixed a bug where the podman play kube command could panic if the --log-opt option was used (#13356).
  • Fixed a bug where Podman could, under some circumstances, fail to parse container cgroup paths (#14146).
  • Fixed a bug where containers created with the --sdnotify=conmon option could send MAINPID twice.
  • Fixed a bug where the podman info command could fail when run inside an LXC container.
  • Fixed a bug where the pause image of a pod with custom ID mappings could not be built (BZ 2083997).
  • Fixed a bug where, on podman machine VMs on Windows, containers could be prematurely terminated when API forwarding was not running (#13965).
  • Fixed a bug where removing a container with a zombie exec session would fail the first time, but succeed for subsequent calls (#14252).
  • Fixed a bug where a dangling ID in the database could render Podman unusable.
  • Fixed a bug where containers with memory limits could not be created when Podman was run in a root cgroup (#14236).
  • Fixed a bug where the --security-opt option to podman run and podman create did not support the no-new-privileges:true and no-new-privileges:false options (the only supported separator was =, not :) (#14133).
  • Fixed a bug where containers that did not create a network namespace (e.g. containers created with --network none or --network ns:/path/to/ns) could not be restored from checkpoints (#14389).
  • Fixed a bug where podman-restart.service could, if enabled, cause system shutdown to hang for 90 seconds (#14434).
  • Fixed a bug where the podman stats command would, when run as root on a container that had the podman network disconnect command run on it or that set a custom network interface name, return an error (#13824).
  • Fixed a bug where the remote Podman client's podman pod create command would error when the --uidmap option was used (#14233).
  • Fixed a bug where cleaning up systemd units and timers related to healthchecks was subject to race conditions and could fail.
  • Fixed a bug where the default network mode of containers created by the remote Podman client was assigned by the client, not the server (#14368).
  • Fixed a bug where containers joining a pod that was created with --network=host would receive a private network namespace (#13763).
  • Fixed a bug where podman machine rm --force would remove files related to the VM before stopping it, causing issues if removal was interrupted.
  • Fixed a bug where podman logs would omit the last line of a container's logs if the log did not end in a newline (#14458).
  • Fixed a bug where network cleanup was nonfunctional for containers which used a custom user namespace and were initialized via API (#14465).
  • Fixed a bug where some options (including volumes) for containers that joined pods were overwritten by the infra container (#14454).
  • Fixed a bug where the --file-locks option to podman container restore was ignored, such that file locks checkpointed by podman container checkpoint --file-locks were not restored.
  • Fixed a bug where signals sent to a Podman attach session with --sig-proxy enabled at the exact moment the container that was attached to exited could cause error messages to be printed.
  • Fixed a bug where running the podman machine start command more than once (simultaneously) on the same machine would cause errors.
  • Fixed a bug where the podman stats command could not be run on containers that were not running (it now reports all-0s statistics for Docker compatibility) (#14498).

API

  • Fixed a bug where images pulled from a private registry could not be accessed via shortname using the Compat API endpoints (#14291).
  • Fixed a bug where the Compat Delete API for Images would return an incorrect status code (500) when attempting to delete images that are in use (#14208).
  • Fixed a bug where the Compat Build API for Images would include the build's STDERR output even if the quiet parameter was true.
  • Fixed a bug where the Libpod Play Kube API would overwrite any log driver specified by query parameter with the system default.

Misc

  • The podman auto-update command now creates an event when it is run.
  • Error messages printed when Podman's temporary files directory is not writable have been improved.
  • Units for memory limits accepted by Podman commands were incorrectly stated by documentation as megabytes, instead of mebibytes; this has now been corrected (#14187).

v3.0.2

16 May 16:25
v3.0.2

Changes

  • The Go module has been bumped to v3. This release is intended so that the Podman bindings can be used with a v3.0 and higher API server.

This release is only intended to provide a set of Podman v3.0 Go bindings that can be used with a Podman v3 service. No user-facing changes have been made.

v4.1.0

06 May 13:43
v4.1.0
e4b0390

Features

  • Podman now supports Docker Compose v2.2 and higher (#11822). Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0.
  • A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.
  • A new machine command has been added, podman machine inspect. This command provides details on the configuration of machine VMs.
  • The podman machine set command can now change the CPUs, memory, and disk space available to machines after they were initially created, using the new --cpus, --disk-size, and --memory options (#13633).
  • Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable.
  • Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers (#12768).
  • VMs created by podman machine now automatically mount the host's $HOME into the VM, to allow mounting volumes from the host into containers.
  • The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries.
  • The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources.
  • The podman play kube command will now set default resource limits when the provided YAML does not include them (#13115).
  • The podman play kube command now supports a new option, --annotation, to add annotations to created containers (#12968).
  • The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile (#12485).
  • The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer (#12889).
  • The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID (#13261) and --color, which colors messages based on what container generated them (#13266).
  • The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.
  • The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network (#13521).
  • The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.
  • The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating that the IPC namespace can be shared with other containers (#13265).
  • The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter (#13387).
  • The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format (#13922).
  • The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.
  • The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.
  • The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.
  • The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, /etc/resolv.conf, etc.) will be mounted inside the container (#12961).
  • The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file.
  • The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}} (#14012).
  • The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined (#14049).
  • The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization (#13876).

Changes

  • The --net=container: option to podman run, podman create, and podman pod create now conflicts with the --add-host option.
  • As part of a deprecation of the SHA1 hash algorithm within Podman, the algorithm used to generate the filename of the rootless network namespace has been changed. As a result, rootless containers started before updating to Podman 4.1.0 will need to be restarted if they are joined to a network (and not just using slirp4netns) to ensure they can connect to containers started after the upgrade.
  • Podman's handling of the /etc/hosts file has been rewritten to improve its consistency and handling of edge cases (#12003 and #13224). As part of this, two new options are available in containers.conf: base_hosts_file (to specify a nonstandard location to source the base contents of the container's /etc/hosts) and host_containers_internal_ip (to specify a specific IP address for containers' host.containers.internal entry to point to).
  • The output of the podman image trust show command now includes information on the transport mechanisms allowed.
  • Podman now exits cleanly (with exit code 0) after receiving SIGTERM.
  • Containers running in systemd mode now set the container_uuid environment variable (#13187).
  • Renaming a container now generates an event readable through podman events.
  • The --privileged and --cap-add flags are no longer mutually exclusive (#13449).
  • Fixed a bug where the --mount option to podman create and podman run could not create anonymous volumes (#13756).
  • Fixed a bug where Podman containers where the user did not explicitly set an OOM score adjustment would implicitly set a value of 0, instead of not setting one at all (#13731).
  • The podman machine set command can no longer be used while the VM being updated is running (#13783).
  • Systemd service files created by podman generate systemd are now prettyprinted for increased readability.
  • The file event log driver now automatically rotates the log file, preventing it from growing beyond a set size.
  • The --no-trunc flag to podman search now defaults to false, to ensure output is not overly verbose.

Bugfixes

  • Fixed a bug where Podman could not add devices with a major or minor number over 256 to containers.
  • Fixed a bug where containers created by the podman play kube command did not record the raw image name used to create containers.
  • Fixed a bug where VMs created by podman machine could not start containers which forwarded ports when run on a host with a proxy configured (#13628).
  • Fixed a bug where VMs created by the podman machine command could not be connected to when the username of the current user was sufficiently long (#12751).
  • Fixed a bug where the podman system reset command on Linux did not fully remove virtual machines created by podman machine.
  • Fixed a bug where the podman machine rm command would error when removing a VM that was never started (#13834).
  • Fixed a bug where the remote Podman client's podman manifest push command could not push to registries that required authentication (#13629).
  • Fixed a bug where containers joining a pod with volumes did not have the pod's volumes added (#13548).
  • Fixed a bug where th...

v4.1.0-RC2

04 May 20:24
v4.1.0-rc2
v4.1.0-RC2 Pre-release

Features

  • Podman now supports Docker Compose v2.2 and higher (#11822).
  • A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.
  • A new machine command has been added, podman machine inspect. This command provides details on the configuration of machine VMs.
  • The podman machine set command can now change the CPUs, memory, and disk space available to machines after they were initially created, using the new --cpus, --disk-size, and --memory options (#13633).
  • Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable.
  • Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers (#12768).
  • VMs created by podman machine now automatically mount the host's $HOME into the VM, to allow mounting volumes from the host into containers.
  • The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries.
  • The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources.
  • The podman play kube command will now set default resource limits when the provided YAML does not include them (#13115).
  • The podman play kube command now supports a new option, --annotation, to add annotations to created containers (#12968).
  • The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile (#12485).
  • The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer (#12889).
  • The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID (#13261) and --color, which colors messages based on what container generated them (#13266).
  • The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.
  • The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network (#13521).
  • The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.
  • The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating that the IPC namespace can be shared with other containers (#13265).
  • The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter (#13387).
  • The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format (#13922).
  • The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.
  • The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.
  • The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.
  • The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, /etc/resolv.conf, etc.) will be mounted inside the container (#12961).
  • The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file.
  • The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}} (#14012).
  • The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined (#14049).
  • The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization (#13876).

Changes

  • The --net=container: option to podman run, podman create, and podman pod create now conflicts with the --add-host option.
  • As part of a deprecation of the SHA1 hash algorithm within Podman, the algorithm used to generate the filename of the rootless network namespace has been changed. As a result, rootless containers started before updating to Podman 4.1.0 will need to be restarted if they are joined to a network (and not just using slirp4netns) to ensure they can connect to containers started after the upgrade.
  • Podman's handling of the /etc/hosts file has been rewritten to improve its consistency and handling of edge cases (#12003 and #13224). As part of this, two new options are available in containers.conf: base_hosts_file (to specify a nonstandard location to source the base contents of the container's /etc/hosts) and host_containers_internal_ip (to specify a specific IP address for containers' host.containers.internal entry to point to).
  • The output of the podman image trust show command now includes information on the transport mechanisms allowed.
  • Podman now exits cleanly (with exit code 0) after receiving SIGTERM.
  • Containers running in systemd mode now set the container_uuid environment variable (#13187).
  • Renaming a container now generates an event readable through podman events.
  • The --privileged and --cap-add flags are no longer mutually exclusive (#13449).
  • Fixed a bug where the --mount option to podman create and podman run could not create anonymous volumes (#13756).
  • Fixed a bug where Podman containers where the user did not explicitly set an OOM score adjustment would implicitly set a value of 0, instead of not setting one at all (#13731).
  • The podman machine set command can no longer be used while the VM being updated is running (#13783).
  • Systemd service files created by podman generate systemd are now prettyprinted for increased readability.
  • The file event log driver now automatically rotates the log file, preventing it from growing beyond a set size.
  • The --no-trunc flag to podman search now defaults to false, to ensure output is not overly verbose.

Bugfixes

  • Fixed a bug where Podman could not add devices with a major or minor number over 256 to containers.
  • Fixed a bug where containers created by the podman play kube command did not record the raw image name used to create containers.
  • Fixed a bug where VMs created by podman machine could not start containers which forwarded ports when run on a host with a proxy configured (#13628).
  • Fixed a bug where VMs created by the podman machine command could not be connected to when the username of the current user was sufficiently long (#12751).
  • Fixed a bug where the podman machine rm command would error when removing a VM that was never started (#13834).
  • Fixed a bug where the remote Podman client's podman manifest push command could not push to registries that required authentication (#13629).
  • Fixed a bug where containers joining a pod with volumes did not have the pod's volumes added (#13548).
  • Fixed a bug where the podman version --format command could not return the OS of the server (#13690).
  • Fixed a bug where the podman play kube command would error when a volume specified by a configMap already existe...