v4.1.0-RC1

Features

• Podman now supports Docker Compose v2.2 and higher (#11822).
• A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.
• A new machine command has been added, podman machine inspect. This command provides details on the configuration of machine VMs.
• Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers (#12768).
• VMs created by podman machine now automatically mount the host's $HOME into the VM, to allow mounting volumes from the host into containers.
• The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries.
• The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources.
• The podman play kube command will now set default resource limits when the provided YAML does not include them (#13115).
• The podman play kube command now supports a new option, --annotation, to add annotations to created containers (#12968).
• The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile (#12485).
• The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer (#12889).
• The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID (#13261) and --color, which colors messages based on what container generated them (#13266).
• The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.
• The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network (#13521).
• The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.
• The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating the the IPC namespace can be shared with other containers (#13265).
• The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter (#13387).
• The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format (#13922).
• The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.
• The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.
• The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.
• The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, `/etc/resolv.conf, etc) will be mounted inside the container (#12961).
• The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file.

Changes

• The --net=container: option to podman run, podman create, and podman pod create now conflicts with the --add-host option.
• As part of a deprecation of the SHA1 hash algorithm within Podman, the algorithm used to generate the filename of the rootless network namespace has been changed. As a result, rootless containers started before updating to Podman 4.1.0 will need to be restarted if they are joined to a network (and not just using slirp4netns) to ensure they can connect to containers started the upgrade.
• Podman's handling of the /etc/hosts file has been rewritten to improve its consistency and handling of edge cases (#12003 and #13224). As part of this, two new options are available in containers.conf: base_hosts_file (to specify a nonstandard location to source the base contents of the container's /etc/hosts) and host_containers_internal_ip (to specify a specific IP address for containers' host.containers.internal entry to point to).
• The output of the podman image trust show command now includes information on the transport mechanisms allowed.
• Podman now exits cleanly (with exit code 0) after receiving SIGTERM.
• Containers running in systemd mode now set the container_uuid environment variable (#13187).
• Renaming a container now generates an event readable through podman events.
• The --privileged and --cap-add flags are no longer mutually exclusive (#13449).
• Fixed a bug where the --mount option to podman create and podman run could not create anonymous volumes (#13756).
• Fixed a bug where Podman containers where the user did not explicitly set an OOM score adjustment would implicitly set a value of 0, instead of not setting one at all (#13731).
• The podman machine set command can no longer be used while the VM being updated is running (#13783).
• Systemd service files created by podman generate systemd are now prettyprinted for increased readability.
• The file event log driver now automatically rotates the log file, preventing it from growing beyond a set size.

Bugfixes

• Fixed a bug where Podman could not add devices with a major or minor number over 256 to containers.
• Fixed a bug where containers created by the podman play kube command did not record the raw image name used to create containers.
• Fixed a bug where VMs created by podman machine could not start containers which forwarded ports when run on a host with a proxy configured (#13628).
• Fixed a bug where VMs created by the podman machine command could not be connected to when the username of the current user was sufficiently long (#12751).
• Fixed a bug where the podman machine rm command would error when removing a VM that was never started (#13834).
• Fixed a bug where the remote Podman client's podman manifest push command could not push to registries that required authentication (#13629).
• Fixed a bug where containers joining a pod with volumes did not have the pod's volumes added (#13548).
• Fixed a bug where the podman version --format command could not return the OS of the server (#13690).
• Fixed a bug where the podman play kube command would error when a volume specified by a configMap already existed (#13715).
• Fixed a bug where the podman play kube command did not respect the hostNetwork setting in Pod YAML (#14015).
• Fixed a bug where the podman generate kube command could generate YAML with too-long labels (#13962).
• Fixed a bug where the podman logs --tail=1 command would fail when the log driver was journald and the container was restarted (#13098).
• Fixed a bug where containers created from images with a healthcheck that did not specify an interval would never run their healthchecks (#13912).
• Fixed a bug where the podman network connect and podman network disconnect commands could leave invalid entries in /etc/hosts (#13533).
• Fixed a bug where the --tls-verify option to the remote Podman client's podman build command was nonfunctional.

API

• Containers created via the Libpod Create API that set a memory limit, but not a swap limit, will automatically have a swap limit set (#13145).
• The Compat and Li...

v3.4.7

Security

• This release addresses CVE-2022-1227, where running podman top on a container made from a maliciously-crafted image and using a user namespace could allow for code execution in the host context.

v3.4.6

Security

• This release addresses CVE-2022-27191, where an attacker could potentially cause crashes in remote Podman by using incorrect SSH ciphers.

v3.4.5

Security

• This release addresses CVE-2022-27649, where Podman would set excess inheritable capabilities for processes in containers.

Bugfixes

• Fixed a bug where the podman images command could, under some circumstances, take an excessive amount of time to list images (#11997).

Misc

• Updates the containers/common library to v0.44.5

v4.0.3

Security

• This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set.

Changes

• The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448).
• When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510).

Bugfixes

• Fixed a bug where devices added to containers by the --device option to podman run and podman create would not be accessible within the container.
• Fixed a bug where Podman would refuse to create containers when the working directory in the container was a symlink (#13346).
• Fixed a bug where pods would be created with cgroups even if cgroups were disabled in containers.conf (#13411).
• Fixed a bug where the podman play kube command would produce confusing errors if invalid YAML with duplicated container named was passed (#13332).
• Fixed a bug where the podman machine rm command would not remove the Podman API socket on the host that was associated with the VM.
• Fixed a bug where the remote Podman client was unable to properly resize the TTYs of containers on non-Linux OSes.
• Fixed a bug where rootless Podman could hang indefinitely when starting containers on systems with IPv6 disabled (#13388).
• Fixed a bug where the podman version command could sometimes print excess blank lines as part of its output.
• Fixed a bug where the podman generate systemd command would sometimes generate systemd services with names beginning with a hyphen (#13272).
• Fixed a bug where locally building the pause image could fail if the current directory contained a .dockerignore file (#13529).
• Fixed a bug where root containers in VMs created by podman machine could not bind ports to specific IPs on the host (#13543).
• Fixed a bug where the storage utilization percentages displayed by podman system df were incorrect (#13516).
• Fixed a bug where the CPU utilization percentages displayed by podman stats were incorrect (#13597).
• Fixed a bug where containers created with the --no-healthcheck option would still display healthcheck status in podman inspect (#13578).
• Fixed a bug where the podman pod rm command could print a warning about a missing cgroup (#13382).
• Fixed a bug where the podman exec command could sometimes print a timed out waiting for file error after the process in the container exited (#13227).
• Fixed a bug where virtual machines created by podman machine were not tolerant of changes to the path to the qemu binary on the host (#13394).
• Fixed a bug where the remote Podman client's podman build command did not properly handle the context directory if a Containerfile was manually specified using -f (#13293).
• Fixed a bug where Podman would not properly detect the use of systemd as PID 1 in a container when the entrypoint was prefixed with /bin/sh -c (#13324).
• Fixed a bug where rootless Podman could, on systems that do not use systemd as init, print a warning message about the rootless network namespace (#13703).
• Fixed a bug where the default systemd unit file for podman system service did not delegate all cgroup controllers, resulting in podman info queries against the remote API returning incorrect cgroup controllers (#13710).
• Fixed a bug where the slirp4netns port forwarder for rootless Podman would only publish the first port of a range (#13643).

API

• Fixed a bug where the Compat Create API for containers did not properly handle permissions for tmpfs mounts (#13108).

Misc

• The static binary for Linux is now built with CGo disabled to avoid panics due to a Golang bug (#13557).
• Updated Buildah to v1.24.3
• Updated the containers/storage library to v1.38.3
• Updated the containers/image library to v5.19.2
• Updated the containers/common library to v0.47.5

v4.0.2

Bugfixes

• Revert "use GetRuntimeDir() from c/common"

v4.0.1

Bugfixes

• Fixed a bug where the podman play kube command did not honor the mountPropagation field in Pod YAML (#13322).
• Fixed a bug where the --build=false option to podman play kube was not honored (#13285).
• Fixed a bug where a container using volumes from another container (via --volumes-from) could, under certain circumstances, exit with errors that it could not delete some volumes if the other container did not exit before it ([#12808](https://github.com/containers/podman/issue\
  s/12808)).
• Fixed a bug where the CONTAINERS_CONF environment variable was not propagated to Conmon, which could result in Podman cleanup processes being run with incorrect configurations.

v4.0.0

Security

• This release addresses CVE-2022-1227, where running podman top on a container made from a maliciously-crafted image and using a user namespace could allow for code execution in the host context.

Features

• Podman has seen an extensive rewrite of its network stack to add support for Netavark, a new tool for configuring container networks, in addition to the existing CNI stack. Netavark will be default on new installations when it is available.
• The podman network connect command now supports three new options, --ip, --ip6, and --mac-address, to specify configuration for the new network that will be attached.
• The podman network create command now allows the --subnet, --gateway, and --ip-range options to be specified multiple times, to allow for the creation of dual-stack IPv4 and IPv6 networks with user-specified subnets.
• The --network option to podman create, podman pod create, podman run, and podman play kube can now, when specifying a network name, also specify advanced network options such as alias, ip, mac, and interface_name, allowing advanced configuration of networks when creating containers connected to more than one network.
• The podman play kube command can now specify the --net option multiple times, to connect created containers and pods to multiple networks.
• The podman create, podman pod create, and podman run commands now support a new option, --ip6, to specify a static IPv6 address for the created container or pod to use.
• Macvlan networks can now configure the mode of the network via the -o mode= option.
• When using the CNI network stack, a new network driver, ipvlan, is now available.
• The podman info command will now print the network backend in use (Netavark or CNI).
• The network backend to use can be now be specified in containers.conf via the network_backend field. Please note that it is not recommended to switch backends while containers exist, and a system reboot is recommended after doing so.
• All Podman commands now support a new option, --noout, that suppresses all output to STDOUT.
• All commands that can remove containers (podman rm --force, podman pod rm --force, podman volume rm --force, podman network rm --force) now accept a --time option to specify the timeout on stopping the container before resorting to SIGKILL (identical to the --time flag to podman stop).
• The podman run and podman create commands now support a new option, --passwd, that uses the /etc/passwd and /etc/groups files from the image in the created container without changes by Podman (#11805).
• The podman run and podman create commands now support a new option, --hostuser, that creates one or more users in the container based on users from the host (e.g. with matching username, UID, and GID).
• The podman create and podman run commands now support two new options, --unsetenv and --unsetenv-all, to clear default environment variables set by Podman and by the container image (#11836).
• The podman rm command now supports a new option, --depend, which recursively removes a given container and all containers that depend on it (#10360).
• All commands that support filtering their output based on labels (e.g. podman volume ls, podman ps) now support labels specified using regular expressions (e.g. --filter label=some.prefix.com/key/*).
• The podman pod create command now supports the --volume option, allowing volumes to be specified that will be mounted automatically to all containers in the pod (#10379).
• The podman pod create command now supports the --device option, allowing devices to be specified that will be mounted automatically to all containers in the pod.
• The podman pod create command now supports the --volumes-from option, allowing volumes from an existing Podman container to be mounted automatically to all containers in the pod.
• The podman pod create command now supports the --security-opt option, allowing security settings (e.g. disabling SELinux or Seccomp) to be configured automatically for all containers in the pod (#12173).
• The podman pod create command now supports the --share-parent option, which defaults to true, controlling whether containers in the pod will use a shared cgroup parent.
• The podman pod create command now supports the --sysctl option, allowing sysctls to be configured automatically for all containers in the pod.
• The podman events command now supports the --no-trunc option, which will allow short container IDs to be displayed instead of the default full IDs. The flag defaults to true, so full IDs remain the default (#8941).
• The podman machine init command now supports a new VM type, wsl, available only on Windows; this uses WSL as a backend for podman machine, instead of creating a separate VM and managing it via QEMU (#12503).
• The podman machine init command now supports a new option, --now, to start the VM immediately after creating it.
• The podman machine init command now supports a new option, --volume, to mount contents from the host into the created virtual machine.
• Virtual machines created by podman machine now automatically mount the Podman API socket to the host, so consumers of the Podman or Docker APIs can use them directly from the host machine (#11462).
• Virtual machines created by podman machine now automatically mount certificates from the host's keychain into the virtual machine (#11507).
• Virtual machines created by podman machine now automatically propagate standard proxy environment variables from the host into the virtual machine, including copying any required certificates from SSL_FILE_CERT into the VM.
• The podman machine ssh command now supports a new option, --username, to specify the username to connect to the VM with.
• Port forwarding from VMs created using podman machine now supports ports specified using custom host IPs (e.g. -p 127.0.0.1:8080:80), the UDP protocol, and containers created using the slirp4netns network mode (#11528 and #11728).
• The podman system connection rm command supports a new option, --all, to remove all available connections (#12018).
• The podman system service command's default timeout is now configured via containers.conf (using the service_timeout field) instead of hardcoded to 5 seconds.
• The --mount type=devpts option to podman create and podman run now supports new options: uid, gid, mode, and max.
• The --volume option to podman create and podman run now supports a new option, :idmap, which using an ID mapping filesystem to allow multiple containers with disjoint UID and GID ranges mapped into them access the same volume (#12154).
• The U option for volumes, which changes the ownership of the mounted volume to ensure the user running in the container can access it, can now be used with the --mount option to podman create and podman run, as well as the --volume option where it was already available.
• The :O option for volumes, which specifies that an overlay filesystem will be mounted over the volume and ensures changes do not persist, is now supported with named volumes as well as bind mounts.
• The :O option for volumes now supports two additional options, upperdir and workdir, which allow for specifying custom upper directories and work directories for the created overlay filesystem.
• Podman containers created from a user-specified root filesystem (via --rootfs) can now create an overlay filesystem atop the user-specified rootfs which ensures changes will not persist by suffixing the user-specified root filesystem with :O.
• The podman save command has a new option, --uncompressed, which saves the layers of the image without compression (#11613).
• Podman supports a new log driver for containers, passthrough, which logs all output directly to the STDOUT and STDERR of the podman command; it is intended for use in systemd-managed containers.
• The podman build command now supports two new options, --unsetenv and --all-platforms.
• The podman image prune command now supports a new option, --external, which allows containers not created by Podman (e.g. temporary containers from Buildah builds) to be pruned (#11472).
• Two new aliases for podman image prune have been added for Docker compatibility: podman builder prune and podman buildx prune.
• The podman play kube command now supports a new option, --no-hosts, which uses the /etc/hosts file from the image in all generated containers, preventing any modifications to the hosts file from Podman (#9500).
• The podman play kube command now supports a new option, --replace, which will replace any existing containers and pods with the same names as the containers and pods that will be created by the command (#11481).
• The podman play kube command now supports a new option, --log-opt, which allows the logging configuration of generate...

v4.0.0-RC5

This is the fifth release candidate of Podman v4.0.0.

Preliminary release notes follow:

Features

• Podman has seen an extensive rewrite of its network stack to add support for Netavark, a new tool for configuring container networks, in addition to the existing CNI stack. Netavark will be default on new installations when it is available.
• The podman network connect command now supports three new options, --ip, --ip6, and --mac-address, to specify configuration for the new network that will be attached.
• The podman network create command now allows the --subnet, --gateway, and --ip-range options to be specified multiple times, to allow for the creation of dual-stack IPv4 and IPv6 networks with user-specified subnets.
• The --network option to podman create, podman pod create, podman run, and podman play kube can now, when specifying a network name, also specify advanced network options such as alias, ip, mac, and interface_name, allowing advanced configuration of networks when creating containers connected to more than one network.
• The podman play kube command can now specify the --net option multiple times, to connect created containers and pods to multiple networks.
• The podman create, podman pod create, and podman run commands now support a new option, --ip6, to specify a static IPv6 address for the created container or pod to use.
• Macvlan networks can now configure the mode of the network via the -o mode= option.
• When using the CNI network stack, a new network driver, ipvlan, is now available.
• The podman info command will now print the network backend in use (Netavark or CNI).
• The network backend to use can be now be specified in containers.conf via the network_backend field. Please note that it is not recommended to switch backends while containers exist, and a system reboot is recommended after doing so.
• All Podman commands now support a new option, --noout, that suppresses all output to STDOUT.
• All commands that can remove containers (podman rm --force, podman pod rm --force, podman volume rm --force, podman network rm --force) now accept a --time option to specify the timeout on stopping the container before resorting to SIGKILL (identical to the --time flag to podman stop).
• The podman run and podman create commands now support a new option, --passwd, that uses the /etc/passwd and /etc/groups files from the image in the created container without changes by Podman (#11805).
• The podman run and podman create commands now support a new option, --hostuser, that creates one or more users in the container based on users from the host (e.g. with matching username, UID, and GID).
• The podman create and podman run commands now support two new options, --unsetenv and --unsetenv-all, to clear default environment variables set by Podman and by the container image (#11836).
• The podman rm command now supports a new option, --depend, which recursively removes a given container and all containers that depend on it (#10360).
• All commands that support filtering their output based on labels (e.g. podman volume ls, podman ps) now support labels specified using regular expressions (e.g. --filter label=some.prefix.com/key/*).
• The podman pod create command now supports the --volume option, allowing volumes to be specified that will be mounted automatically to all containers in the pod (#10379).
• The podman pod create command now supports the --device option, allowing devices to be specified that will be mounted automatically to all containers in the pod.
• The podman pod create command now supports the --volumes-from option, allowing volumes from an existing Podman container to be mounted automatically to all containers in the pod.
• The podman pod create command now supports the --security-opt option, allowing security settings (e.g. disabling SELinux or Seccomp) to be configured automatically for all containers in the pod (#12173).
• The podman pod create command now supports the --share-parent option, which defaults to true, controlling whether containers in the pod will use a shared cgroup parent.
• The podman pod create command now supports the --sysctl option, allowing sysctls to be configured automatically for all containers in the pod.
• The podman events command now supports the --no-trunc option, which will allow short container IDs to be displayed instead of the default full IDs. The flag defaults to true, so full IDs remain the default (#8941).
• The podman machine init command now supports a new VM type, wsl, available only on Windows; this uses WSL as a backend for podman machine, instead of creating a separate VM and managing it via QEMU (#12503).
• The podman machine init command now supports a new option, --now, to start the VM immediately after creating it.
• The podman machine init command now supports a new option, --volume, to mount contents from the host into the created virtual machine.
• Virtual machines created by podman machine now automatically mount certificates from the host's keychain into the virtual machine (#11507).
• Virtual machines created by podman machine now automatically propagate standard proxy environment variables from the host into the virtual machine, including copying any required certificates from SSL_FILE_CERT into the VM.
• The podman machine ssh command now supports a new option, --username, to specify the username to connect to the VM with.
• Port forwarding from VMs created using podman machine now supports ports specified using custom host IPs (e.g. -p 127.0.0.1:8080:80), the UDP protocol, and containers created using the slirp4netns network mode (#11528 and #11728).
• The podman system connection rm command supports a new option, --all, to remove all available connections (#12018).
• The podman system service command's default timeout is now configured via containers.conf (using the service_timeout field) instead of hardcoded to 5 seconds.
• The --mount type=devpts option to podman create and podman run now supports new options: uid, gid, mode, and max.
• The --volume option to podman create and podman run now supports a new option, :idmap, which using an ID mapping filesystem to allow multiple containers with disjoint UID and GID ranges mapped into them access the same volume (#12154).
• The U option for volumes, which changes the ownership of the mounted volume to ensure the user running in the container can access it, can now be used with the --mount option to podman create and podman run, as well as the --volume option where it was already available.
• The :O option for volumes, which specifies that an overlay filesystem will be mounted over the volume and ensures changes do not persist, is now supported with named volumes as well as bind mounts.
• The :O option for volumes now supports two additional options, upperdir and workdir, which allow for specifying custom upper directories and work directories for the created overlay filesystem.
• Podman containers created from a user-specified root filesystem (via --rootfs) can now create an overlay filesystem atop the user-specified rootfs which ensures changes will not persist by suffixing the user-specified root filesystem with :O.
• The podman save command has a new option, --uncompressed, which saves the layers of the image without compression (#11613).
• Podman supports a new log driver for containers, passthrough, which logs all output directly to the STDOUT and STDERR of the podman command; it is intended for use in systemd-managed containers.
• The podman build command now supports two new options, --unsetenv and --all-platforms.
• The podman image prune command now supports a new option, --external, which allows containers not created by Podman (e.g. temporary containers from Buildah builds) to be pruned (#11472).
• Two new aliases for podman image prune have been added for Docker compatibility: podman builder prune and podman buildx prune.
• The podman play kube command now supports a new option, --no-hosts, which uses the /etc/hosts file from the image in all generated containers, preventing any modifications to the hosts file from Podman (#9500).
• The podman play kube command now supports a new option, --replace, which will replace any existing containers and pods with the same names as the containers and pods that will be created by the command (#11481).
• The podman play kube command now supports a new option, --log-opt, which allows the logging configuration of generated containers and pods to be adjusted (#11727).
• The podman play kube command now supports Kubernetes YAML that specifies volumes from a configmap.
• The podman generate systemd command now supports a new option, --template, to generate template unit files.
• The podman generate systemd command now supports a new...

v4.0.0-RC4

This is the fourth release candidate for Podman v4.0.

Preliminary release notes are below:

Features

• Podman has seen an extensive rewrite of its network stack to add support for Netavark, a new tool for configuring container networks, in addition to the existing CNI stack. Netavark will be default on new installations when it is available.
• The podman network connect command now supports three new options, --ip, --ip6, and --mac-address, to specify configuration for the new network that will be attached.
• The podman network create command now allows the --subnet, --gateway, and --ip-range options to be specified multiple times, to allow for the creation of dual-stack IPv4 and IPv6 networks with user-specified subnets.
• The --network option to podman create, podman pod create, podman run, and podman play kube can now, when specifying a network name, also specify advanced network options such as alias, ip, mac, and interface_name, allowing advanced configuration of networks when creating containers connected to more than one network.
• The podman play kube command can now specify the --net option multiple times, to connect created containers and pods to multiple networks.
• The podman create, podman pod create, and podman run commands now support a new option, --ip6, to specify a static IPv6 address for the created container or pod to use.
• Macvlan networks can now configure the mode of the network via the -o mode= option.
• When using the CNI network stack, a new network driver, ipvlan, is now available.
• The podman info command will now print the network backend in use (Netavark or CNI).
• The network backend to use can be now be specified in containers.conf via the network_backend field. Please note that it is not recommended to switch backends while containers exist, and a system reboot is recommended after doing so.
• All Podman commands now support a new option, --noout, that suppresses all output to STDOUT.
• All commands that can remove containers (podman rm --force, podman pod rm --force, podman volume rm --force, podman network rm --force) now accept a --time option to specify the timeout on stopping the container before resorting to SIGKILL (identical to the --time flag to podman stop).
• The podman run and podman create commands now support a new option, --passwd, that uses the /etc/passwd and /etc/groups files from the image in the created container without changes by Podman (#11805).
• The podman run and podman create commands now support a new option, --hostuser, that creates one or more users in the container based on users from the host (e.g. with matching username, UID, and GID).
• The podman create and podman run commands now support two new options, --unsetenv and --unsetenv-all, to clear default environment variables set by Podman and by the container image (#11836).
• The podman rm command now supports a new option, --depend, which recursively removes a given container and all containers that depend on it (#10360).
• All commands that support filtering their output based on labels (e.g. podman volume ls, podman ps) now support labels specified using regular expressions (e.g. --filter label=some.prefix.com/key/*).
• The podman pod create command now supports the --volume option, allowing volumes to be specified that will be mounted automatically to all containers in the pod (#10379).
• The podman pod create command now supports the --device option, allowing devices to be specified that will be mounted automatically to all containers in the pod.
• The podman pod create command now supports the --volumes-from option, allowing volumes from an existing Podman container to be mounted automatically to all containers in the pod.
• The podman pod create command now supports the --security-opt option, allowing security settings (e.g. disabling SELinux or Seccomp) to be configured automatically for all containers in the pod (#12173).
• The podman pod create command now supports the --sysctl option, allowing sysctls to be configured automatically for all containers in the pod.
• The podman events command now supports the --no-trunc option, which will allow short container IDs to be displayed instead of the default full IDs. The flag defaults to true, so full IDs remain the default (#8941).
• The podman machine init command now supports a new VM type, wsl, available only on Windows; this uses WSL as a backend for podman machine, instead of creating a separate VM and managing it via QEMU (#12503).
• The podman machine init command now supports a new option, --now, to start the VM immediately after creating it.
• The podman machine init command now supports a new option, --volume, to mount contents from the host into the created virtual machine.
• Virtual machines created by podman machine now automatically mount certificates from the host's keychain into the virtual machine (#11507).
• Virtual machines created by podman machine now automatically propagate standard proxy environment variables from the host into the virtual machine, including copying any required certificates from SSL_FILE_CERT into the VM.
• The podman machine ssh command now supports a new option, --username, to specify the username to connect to the VM with.
• Port forwarding from VMs created using podman machine now supports ports specified using custom host IPs (e.g. -p 127.0.0.1:8080:80), the UDP protocol, and containers created using the slirp4netns network mode (#11528 and #11728).
• The podman system connection rm command supports a new option, --all, to remove all available connections (#12018).
• The podman system service command's default timeout is now configured via containers.conf (using the service_timeout field) instead of hardcoded to 5 seconds.
• The --mount type=devpts option to podman create and podman run now supports new options: uid, gid, mode, and max.
• The --volume option to podman create and podman run now supports a new option, :idmap, which using an ID mapping filesystem to allow multiple containers with disjoint UID and GID ranges mapped into them access the same volume (#12154).
• The U option for volumes, which changes the ownership of the mounted volume to ensure the user running in the container can access it, can now be used with the --mount option to podman create and podman run, as well as the --volume option where it was already available.
• The :O option for volumes, which specifies that an overlay filesystem will be mounted over the volume and ensures changes do not persist, is now supported with named volumes as well as bind mounts.
• The :O option for volumes now supports two additional options, upperdir and workdir, which allow for specifying custom upper directories and work directories for the created overlay filesystem.
• Podman containers created from a user-specified root filesystem (via --rootfs) can now create an overlay filesystem atop the user-specified rootfs which ensures changes will not persist by suffixing the user-specified root filesystem with :O.
• The podman save command has a new option, --uncompressed, which saves the layers of the image without compression (#11613).
• Podman supports a new log driver for containers, passthrough, which logs all output directly to the STDOUT and STDERR of the podman command; it is intended for use in systemd-managed containers.
• The podman build command now supports two new options, --unsetenv and --all-platforms.
• The podman image prune command now supports a new option, --external, which allows containers not created by Podman (e.g. temporary containers from Buildah builds) to be pruned (#11472).
• Two new aliases for podman image prune have been added for Docker compatibility: podman builder prune and podman buildx prune.
• The podman play kube command now supports a new option, --no-hosts, which uses the /etc/hosts file from the image in all generated containers, preventing any modifications to the hosts file from Podman (#9500).
• The podman play kube command now supports a new option, --replace, which will replace any existing containers and pods with the same names as the containers and pods that will be created by the command (#11481).
• The podman play kube command now supports a new option, --log-opt, which allows the logging configuration of generated containers and pods to be adjusted (#11727).
• The podman play kube command now supports Kubernetes YAML that specifies volumes from a configmap.
• The podman generate systemd command now supports a new option, --template, to generate template unit files.
• The podman generate systemd command now supports a new option, --start-timeout, to override the default start timeout for generated unit files (#11618).
• The `podman gene...