Releases: containers/podman
v4.0.0-RC3
This is the third release candidate of Podman v4.0.0. Preliminary release notes are below:
Features
- Podman has seen an extensive rewrite of its network stack to add support for Netavark, a new tool for configuring container networks, in addition to the existing CNI stack. Netavark will be default on new installations when it is available.
- The `podman network connect` command now supports three new options, `--ip`, `--ip6`, and `--mac-address`, to specify configuration for the new network that will be attached.
- The `podman network create` command now allows the `--subnet`, `--gateway`, and `--ip-range` options to be specified multiple times, to allow for the creation of dual-stack IPv4 and IPv6 networks with user-specified subnets.
- The `--network` option to `podman create`, `podman pod create`, `podman run`, and `podman play kube` can now, when specifying a network name, also specify advanced network options such as `alias`, `ip`, `mac`, and `interface_name`, allowing advanced configuration of networks when creating containers connected to more than one network.
- The `podman play kube` command can now specify the `--net` option multiple times, to connect created containers and pods to multiple networks.
- The `podman create`, `podman pod create`, and `podman run` commands now support a new option, `--ip6`, to specify a static IPv6 address for the created container or pod to use.
- Macvlan networks can now configure the mode of the network via the `-o mode=` option.
- When using the CNI network stack, a new network driver, `ipvlan`, is now available.
- The `podman info` command will now print the network backend in use (Netavark or CNI).
- The network backend to use can now be specified in `containers.conf` via the `network_backend` field. Please note that it is not recommended to switch backends while containers exist, and a system reboot is recommended after doing so.
- All Podman commands now support a new option, `--noout`, that suppresses all output to STDOUT.
- All commands that can remove containers (`podman rm --force`, `podman pod rm --force`, `podman volume rm --force`, `podman network rm --force`) now accept a `--time` option to specify the timeout on stopping the container before resorting to `SIGKILL` (identical to the `--time` flag to `podman stop`).
- The `podman run` and `podman create` commands now support a new option, `--passwd`, that uses the `/etc/passwd` and `/etc/groups` files from the image in the created container without changes by Podman (#11805).
- The `podman run` and `podman create` commands now support a new option, `--hostuser`, that creates one or more users in the container based on users from the host (e.g. with matching username, UID, and GID).
- The `podman create` and `podman run` commands now support two new options, `--unsetenv` and `--unsetenv-all`, to clear default environment variables set by Podman and by the container image (#11836).
- The `podman rm` command now supports a new option, `--depend`, which recursively removes a given container and all containers that depend on it (#10360).
- All commands that support filtering their output based on labels (e.g. `podman volume ls`, `podman ps`) now support labels specified using regular expressions (e.g. `--filter label=some.prefix.com/key/*`).
- The `podman pod create` command now supports the `--volume` option, allowing volumes to be specified that will be mounted automatically to all containers in the pod (#10379).
- The `podman pod create` command now supports the `--device` option, allowing devices to be specified that will be mounted automatically to all containers in the pod.
- The `podman pod create` command now supports the `--volumes-from` option, allowing volumes from an existing Podman container to be mounted automatically to all containers in the pod.
- The `podman pod create` command now supports the `--security-opt` option, allowing security settings (e.g. disabling SELinux or Seccomp) to be configured automatically for all containers in the pod (#12173).
- The `podman pod create` command now supports the `--sysctl` option, allowing sysctls to be configured automatically for all containers in the pod.
- The `podman events` command now supports the `--no-trunc` option, which will allow short container IDs to be displayed instead of the default full IDs. The flag defaults to true, so full IDs remain the default (#8941).
- The `podman machine init` command now supports a new VM type, `wsl`, available only on Windows; this uses WSL as a backend for `podman machine`, instead of creating a separate VM and managing it via QEMU (#12503).
- The `podman machine init` command now supports a new option, `--now`, to start the VM immediately after creating it.
- The `podman machine init` command now supports a new option, `--volume`, to mount contents from the host into the created virtual machine.
- Virtual machines created by `podman machine` now automatically mount certificates from the host's keychain into the virtual machine (#11507).
- Virtual machines created by `podman machine` now automatically propagate standard proxy environment variables from the host into the virtual machine, including copying any required certificates from `SSL_FILE_CERT` into the VM.
- The `podman machine ssh` command now supports a new option, `--username`, to specify the username to connect to the VM with.
- Port forwarding from VMs created using `podman machine` now supports ports specified using custom host IPs (e.g. `-p 127.0.0.1:8080:80`), the UDP protocol, and containers created using the `slirp4netns` network mode (#11528 and #11728).
- The `podman system connection rm` command supports a new option, `--all`, to remove all available connections (#12018).
- The `podman system service` command's default timeout is now configured via `containers.conf` (using the `service_timeout` field) instead of hardcoded to 5 seconds.
- The `--mount type=devpts` option to `podman create` and `podman run` now supports new options: `uid`, `gid`, `mode`, and `max`.
- The `--volume` option to `podman create` and `podman run` now supports a new option, `:idmap`, which uses an ID mapping filesystem to allow multiple containers with disjoint UID and GID ranges mapped into them to access the same volume (#12154).
- The `U` option for volumes, which changes the ownership of the mounted volume to ensure the user running in the container can access it, can now be used with the `--mount` option to `podman create` and `podman run`, as well as the `--volume` option where it was already available.
- The `:O` option for volumes, which specifies that an overlay filesystem will be mounted over the volume and ensures changes do not persist, is now supported with named volumes as well as bind mounts.
- The `:O` option for volumes now supports two additional options, `upperdir` and `workdir`, which allow for specifying custom upper directories and work directories for the created overlay filesystem.
- Podman containers created from a user-specified root filesystem (via `--rootfs`) can now create an overlay filesystem atop the user-specified rootfs which ensures changes will not persist by suffixing the user-specified root filesystem with `:O`.
- The `podman save` command has a new option, `--uncompressed`, which saves the layers of the image without compression (#11613).
- Podman supports a new log driver for containers, `passthrough`, which logs all output directly to the STDOUT and STDERR of the `podman` command; it is intended for use in systemd-managed containers.
- The `podman build` command now supports two new options, `--unsetenv` and `--all-platforms`.
- The `podman image prune` command now supports a new option, `--external`, which allows containers not created by Podman (e.g. temporary containers from Buildah builds) to be pruned (#11472).
- Two new aliases for `podman image prune` have been added for Docker compatibility: `podman builder prune` and `podman buildx prune`.
- The `podman play kube` command now supports a new option, `--no-hosts`, which uses the `/etc/hosts` file from the image in all generated containers, preventing any modifications to the hosts file from Podman (#9500).
- The `podman play kube` command now supports a new option, `--replace`, which will replace any existing containers and pods with the same names as the containers and pods that will be created by the command (#11481).
- The `podman play kube` command now supports a new option, `--log-opt`, which allows the logging configuration of generated containers and pods to be adjusted (#11727).
- The `podman play kube` command now supports Kubernetes YAML that specifies volumes from a configmap.
- The `podman generate systemd` command now supports a new option, `--template`, to generate template unit files.
- The `podman generate systemd` command now supports a new option, `--start-timeout`, to override the default start timeout for generated unit files (#11618).
- The `podman generat...
v4.0.0-RC2
This is the second release candidate for Podman v4.0.0. Preliminary release notes are attached:
Features
- Podman has seen an extensive rewrite of its network stack to add support for Netavark, a new tool for configuring container networks, in addition to the existing CNI stack. Netavark will be default on new installations when it is available.
- The `podman network connect` command now supports three new options, `--ip`, `--ip6`, and `--mac-address`, to specify configuration for the new network that will be attached.
- The `--network` option to `podman create`, `podman pod create`, `podman run`, and `podman play kube` can now, when specifying a network name, also specify advanced network options such as `alias`, `ip`, `mac`, and `interface_name`, allowing advanced configuration of networks when creating containers connected to more than one network.
- The `podman play kube` command can now specify the `--net` option multiple times, to connect created containers and pods to multiple networks.
- The `podman create`, `podman pod create`, and `podman run` commands now support a new option, `--ip6`, to specify a static IPv6 address for the created container or pod to use.
- Macvlan networks can now configure the mode of the network via the `-o mode=` option.
- When using the CNI network stack, a new network driver, `ipvlan`, is now available.
- The `podman info` command will now print the network backend in use (Netavark or CNI).
- The network backend to use can now be specified in `containers.conf` via the `network_backend` field. Please note that it is not recommended to switch backends while containers exist, and a system reboot is recommended after doing so.
- All Podman commands now support a new option, `--noout`, that suppresses all output to STDOUT.
- All commands that can remove containers (`podman rm --force`, `podman pod rm --force`, `podman volume rm --force`, `podman network rm --force`) now accept a `--time` option to specify the timeout on stopping the container before resorting to `SIGKILL` (identical to the `--time` flag to `podman stop`).
- The `podman run` and `podman create` commands now support a new option, `--passwd`, that uses the `/etc/passwd` and `/etc/groups` files from the image in the created container without changes by Podman (#11805).
- The `podman run` and `podman create` commands now support a new option, `--hostuser`, that creates one or more users in the container based on users from the host (e.g. with matching username, UID, and GID).
- The `podman create` and `podman run` commands now support two new options, `--unsetenv` and `--unsetenv-all`, to clear default environment variables set by Podman and by the container image (#11836).
- The `podman rm` command now supports a new option, `--depend`, which recursively removes a given container and all containers that depend on it (#10360).
- All commands that support filtering their output based on labels (e.g. `podman volume ls`, `podman ps`) now support labels specified using regular expressions (e.g. `--filter label=some.prefix.com/key/*`).
- The `podman pod create` command now supports the `--volume` option, allowing volumes to be specified that will be mounted automatically to all containers in the pod (#10379).
- The `podman pod create` command now supports the `--device` option, allowing devices to be specified that will be mounted automatically to all containers in the pod.
- The `podman pod create` command now supports the `--volumes-from` option, allowing volumes from an existing Podman container to be mounted automatically to all containers in the pod.
- The `podman pod create` command now supports the `--security-opt` option, allowing security settings (e.g. disabling SELinux or Seccomp) to be configured automatically for all containers in the pod (#12173).
- The `podman pod create` command now supports the `--sysctl` option, allowing sysctls to be configured automatically for all containers in the pod.
- The `podman events` command now supports the `--no-trunc` option, which will allow short container IDs to be displayed instead of the default full IDs. The flag defaults to true, so full IDs remain the default (#8941).
- The `podman machine init` command now supports a new VM type, `wsl`, available only on Windows; this uses WSL as a backend for `podman machine`, instead of creating a separate VM and managing it via QEMU (#12503).
- The `podman machine init` command now supports a new option, `--now`, to start the VM immediately after creating it.
- The `podman machine init` command now supports a new option, `--volume`, to mount contents from the host into the created virtual machine.
- Virtual machines created by `podman machine` now automatically mount certificates from the host's keychain into the virtual machine (#11507).
- Virtual machines created by `podman machine` now automatically propagate standard proxy environment variables from the host into the virtual machine, including copying any required certificates from `SSL_FILE_CERT` into the VM.
- The `podman machine ssh` command now supports a new option, `--username`, to specify the username to connect to the VM with.
- Port forwarding from VMs created using `podman machine` now supports ports specified using custom host IPs (e.g. `-p 127.0.0.1:8080:80`), the UDP protocol, and containers created using the `slirp4netns` network mode (#11528 and #11728).
- The `podman system connection rm` command supports a new option, `--all`, to remove all available connections (#12018).
- The `podman system service` command's default timeout is now configured via `containers.conf` (using the `service_timeout` field) instead of hardcoded to 5 seconds.
- The `--mount type=devpts` option to `podman create` and `podman run` now supports new options: `uid`, `gid`, `mode`, and `max`.
- The `--volume` option to `podman create` and `podman run` now supports a new option, `:idmap`, which uses an ID mapping filesystem to allow multiple containers with disjoint UID and GID ranges mapped into them to access the same volume (#12154).
- The `U` option for volumes, which changes the ownership of the mounted volume to ensure the user running in the container can access it, can now be used with the `--mount` option to `podman create` and `podman run`, as well as the `--volume` option where it was already available.
- The `:O` option for volumes, which specifies that an overlay filesystem will be mounted over the volume and ensures changes do not persist, is now supported with named volumes as well as bind mounts.
- Podman containers created from a user-specified root filesystem (via `--rootfs`) can now create an overlay filesystem atop the user-specified rootfs which ensures changes will not persist by suffixing the user-specified root filesystem with `:O`.
- The `podman save` command has a new option, `--uncompressed`, which saves the layers of the image without compression (#11613).
- Podman supports a new log driver for containers, `passthrough`, which logs all output directly to the STDOUT and STDERR of the `podman` command; it is intended for use in systemd-managed containers.
- The `podman build` command now supports two new options, `--unsetenv` and `--all-platforms`.
- The `podman image prune` command now supports a new option, `--external`, which allows containers not created by Podman (e.g. temporary containers from Buildah builds) to be pruned (#11472).
- Two new aliases for `podman image prune` have been added for Docker compatibility: `podman builder prune` and `podman buildx prune`.
- The `podman play kube` command now supports a new option, `--no-hosts`, which uses the `/etc/hosts` file from the image in all generated containers, preventing any modifications to the hosts file from Podman (#9500).
- The `podman play kube` command now supports a new option, `--replace`, which will replace any existing containers and pods with the same names as the containers and pods that will be created by the command (#11481).
- The `podman play kube` command now supports a new option, `--log-opt`, which allows the logging configuration of generated containers and pods to be adjusted (#11727).
- The `podman play kube` command now supports Kubernetes YAML that specifies volumes from a configmap.
- The `podman generate systemd` command now supports a new option, `--template`, to generate template unit files.
- The `podman generate systemd` command now supports a new option, `--start-timeout`, to override the default start timeout for generated unit files (#11618).
- The `podman generate systemd` command now supports a new option, `--restart-sec`, to override the default time before a failed unit is restarted by systemd for generated unit files.
- The `podman generate systemd` command now supports three new options, `--wants`, `--after`, and `--requires`, which allow detailed control of systemd dependencies in generated unit files.
- The `podman container checkpoint` and `podman container restore` comm...
v4.0.0-RC1
This is the first release candidate for Podman v4.0.0. This is a large release with several breaking changes to the API, focusing on a complete rewrite of the Podman network stack for better support of IPv6 and Docker compatibility. Some network stack changes (e.g. the Netavark network creation tool) are not yet ready for testing, but many aspects (including the `--ipv6` flag for static IPv6 addresses) are.
Full release notes are not available with this RC, but should be available in the next one.
Expected release for Podman v4.0.0 final is in early February.
v3.4.4
Bugfixes
- Fixed a bug where the `podman exec` command would, under some circumstances, print a warning message about failing to move `conmon` to the appropriate cgroup (#12535).
- Fixed a bug where named volumes created as part of container creation (e.g. `podman run --volume avolume:/a/mountpoint` or similar) would be mounted with incorrect permissions (#12523).
- Fixed a bug where the `podman-remote create` and `podman-remote run` commands did not properly handle the `--entrypoint=""` option (to clear the container's entrypoint) (#12521).
v3.4.3
Security
- This release addresses CVE-2021-4024, where the `podman machine` command opened the `gvproxy` API (used to forward ports to `podman machine` VMs) to the public internet on port 7777.
- This release addresses CVE-2021-41190, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients.
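
A host-side check for the exposure described under CVE-2021-4024, added here as an example and not taken from the Podman release notes or code: it scans `ss -ltn` style output for listeners on port 7777 that are bound to anything other than loopback. The function name and the sample lines are constructed, and the check assumes a Linux host with iproute2's `ss`; it matches on the port only and does not confirm that the listening process is `gvproxy`.

```bash
#!/usr/bin/env bash
# Added example (not Podman code): flag TCP listeners on port 7777 that are
# reachable from outside the host, the exposure described in CVE-2021-4024.

GVPROXY_API_PORT=7777   # port named in the release note

# Reads `ss -ltn` style output on stdin and prints the local address of every
# listener on $GVPROXY_API_PORT that is not bound to a loopback address.
exposed_gvproxy_listeners() {
    awk -v port="$GVPROXY_API_PORT" '
    {
        # Locate the State column; it shifts right when ss prints a Netid column.
        state = 0
        for (i = 1; i <= NF; i++) if ($i == "LISTEN") { state = i; break }
        if (!state || state + 3 > NF) next   # header or non-listening line

        addr = $(state + 3)                  # "Local Address:Port"
        p = addr
        sub(/^.*:/, "", p)                   # keep the text after the last colon
        if (p != port) next

        host = substr(addr, 1, length(addr) - length(p) - 1)
        sub(/%.*$/, "", host)                # drop a %interface scope suffix
        gsub(/^\[|\]$/, "", host)            # [::1] -> ::1

        # Loopback binds (IPv4, IPv6, IPv4-mapped IPv6) are not exposed.
        if (host ~ /^127\./ || host == "::1" || host ~ /^::ffff:127\./) next

        print addr
    }'
}

# Constructed sample input: one line per binding style, not a real capture.
SAMPLE_SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   127.0.0.1:7777     0.0.0.0:*
LISTEN 0      4096   0.0.0.0:7777       0.0.0.0:*
LISTEN 0      4096   [::1]:7777         [::]:*
LISTEN 0      4096   *:7777             *:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      4096   192.0.2.10:7777    0.0.0.0:*'

# Demonstration on the sample; on a live host use: ss -ltn | exposed_gvproxy_listeners
printf '%s\n' "$SAMPLE_SS_OUTPUT" | exposed_gvproxy_listeners
```

Any address printed means port 7777 accepts connections on a non-loopback interface; the fix named above is to run a release that addresses CVE-2021-4024.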
Features
- The `--secret type=mount` option to `podman create` and `podman run` supports a new option, `target=`, which specifies where in the container the secret will be mounted (#12287).
Bugfixes
- Fixed a bug where rootless Podman would occasionally print warning messages about failing to move the pause process to a new cgroup (#12065).
- Fixed a bug where the `podman run` and `podman create` commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933).
- Fixed a bug where the `podman generate systemd` command generated units that depended on `multi-user.target`, which has been removed from some distributions (#12438).
- Fixed a bug where Podman could not run containers with images that had `/etc/` as a symlink (#12189).
- Fixed a bug where the `podman logs -f` command would, when using the `journald` logs backend, exit immediately if the container had previously been restarted (#12263).
- Fixed a bug where, in containers on VMs created by `podman machine`, the `host.containers.internal` name pointed to the VM, not the host system (#11642).
- Fixed a bug where containers and pods created by the `podman play kube` command in VMs managed by `podman machine` would not automatically forward ports from the host machine (#12248).
- Fixed a bug where `podman machine init` would fail on OS X when GNU Coreutils was installed (#12329).
- Fixed a bug where `podman machine start` would exit before SSH on the started VM was accepting connections (#11532).
- Fixed a bug where the `podman run` command with signal proxying (`--sig-proxy`) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086).
- Fixed a bug where the `podman stats` command would not return correct information for containers running Systemd as PID1 (#12400).
- Fixed a bug where the `podman image save` command would fail on OS X when writing the image to STDOUT (#12402).
- Fixed a bug where the `podman ps` command did not properly handle PS arguments which contained whitespace (#12452).
- Fixed a bug where the `podman-remote wait` command could fail to detect that the container exited and return an error under some circumstances (#12457).
- Fixed a bug where the Windows MSI installer for `podman-remote` would break the PATH environment variable by adding an extra `"` (#11416).
API
- Updated the containers/image library to v5.17.0
- The Libpod Play Kube endpoint now also accepts `ConfigMap` YAML as part of its payload, and will use any provided `ConfigMap` to configure provided pods and services.
- Fixed a bug where the Compat Create endpoint for Containers would not always create the container's working directory if it did not exist (#11842).
- Fixed a bug where the Compat Create endpoint for Containers returned an incorrect error message with 404 errors when the requested image was not found (#12315).
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle the `HostConfig.Mounts` field (#12419).
- Fixed a bug where the Compat Archive endpoint for Containers did not properly report errors when the operation failed (#12420).
- Fixed a bug where the Compat Build endpoint for Images ignored the `layers` query parameter (for caching intermediate layers from the build) (#12378).
- Fixed a bug where the Compat Build endpoint for Images did not report errors in a manner compatible with Docker (#12392).
- Fixed a bug where the Compat Build endpoint for Images would fail to build if the context directory was a symlink (#12409).
- Fixed a bug where the Compat List endpoint for Images included manifest lists (and not just images) in returned results (#12453).
Misc
- Podman now builds by default with cgo enabled on OS X, resolving some issues with SSH (#10737).
v3.4.2
Bugfixes
- Fixed a bug where `podman tag` could not tag manifest lists (#12046).
- Fixed a bug where built-in volumes specified by images would not be created correctly under some circumstances.
- Fixed a bug where, when using Podman Machine on OS X, containers in pods did not have working port forwarding from the host (#12207).
- Fixed a bug where the `podman network reload` command on containers using the `slirp4netns` network mode and the `rootlessport` port forwarding driver would make an unnecessary attempt to restart `rootlessport` on containers that did not forward ports.
- Fixed a bug where the `podman generate kube` command would generate YAML including some unnecessary (set to default) fields (e.g. empty SELinux and DNS configuration blocks, and the `privileged` flag when set to false) (#11995).
- Fixed a bug where the `podman pod rm` command could, if interrupted at the right moment, leave a reference to an already-removed infra container behind (#12034).
- Fixed a bug where the `podman pod rm` command would not remove pods with more than one container if all containers save for the infra container were stopped unless `--force` was specified (#11713).
- Fixed a bug where the `--memory` flag to `podman run` and `podman create` did not accept a limit of 0 (which should specify unlimited memory) (#12002).
- Fixed a bug where the remote Podman client's `podman build` command could attempt to build a Dockerfile in the working directory of the `podman system service` instance instead of the Dockerfile specified by the user (#12054).
- Fixed a bug where the `podman logs --tail` command could function improperly (printing more output than requested) when the `journald` log driver was used.
- Fixed a bug where containers run using the `slirp4netns` network mode with IPv6 enabled would not have IPv6 connectivity until several seconds after they started (#11062).
- Fixed a bug where some Podman commands could cause an extra `dbus-daemon` process to be created (#9727).
- Fixed a bug where rootless Podman would sometimes print warnings about a failure to move the pause process into a given CGroup (#12065).
- Fixed a bug where the `checkpointed` field in `podman inspect` on a container was not set to false after a container was restored.
- Fixed a bug where the `podman system service` command would print overly-verbose logs about request IDs (#12181).
- Fixed a bug where Podman could, when creating a new container without a name explicitly specified by the user, sometimes use an auto-generated name already in use by another container if multiple containers were being created in parallel (#11735).
v3.4.1
Bugfixes
- Fixed a bug where `podman machine init` could, under some circumstances, create invalid machine configurations which could not be started (#11824).
- Fixed a bug where the `podman machine list` command would not properly populate some output fields.
- Fixed a bug where `podman machine rm` could leave dangling sockets from the removed machine (#11393).
- Fixed a bug where `podman run --pids-limit=-1` was not supported (it now sets the PID limit in the container to unlimited) (#11782).
- Fixed a bug where `podman run` and `podman attach` could throw errors about a closed network connection when STDIN was closed by the client (#11856).
- Fixed a bug where the `podman stop` command could fail when run on a container that had another `podman stop` command run on it previously.
- Fixed a bug where the `--sync` flag to `podman ps` was nonfunctional.
- Fixed a bug where the Windows and OS X remote clients' `podman stats` command would fail (#11909).
- Fixed a bug where the `podman play kube` command did not properly handle environment variables whose values contained an `=` (#11891).
- Fixed a bug where the `podman generate kube` command could generate invalid annotations when run on containers with volumes that use SELinux relabelling (`:z` or `:Z`) (#11929).
- Fixed a bug where the `podman generate kube` command would generate YAML including some unnecessary (set to default) fields (e.g. user and group, entrypoint, default protocol for forwarded ports) (#11914, #11915, and #11965).
- Fixed a bug where the `podman generate kube` command could, under some circumstances, generate YAML including an invalid `targetPort` field for forwarded ports (#11930).
- Fixed a bug where rootless Podman's `podman info` command could, under some circumstances, not read available CGroup controllers (#11931).
- Fixed a bug where `podman container checkpoint --export` would fail to checkpoint any container created with `--log-driver=none` (#11974).
API
- Fixed a bug where the Compat Create endpoint for Containers could panic when no options were passed to a bind mount of tmpfs (#11961).
v3.4.0
Features
- Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: "always", which always run before the pod is started, and "once", which only run the first time the pod starts and are subsequently removed. They can be added using the `podman create` command's `--init-ctr` option.
- Support for init containers has also been added to `podman play kube` and `podman generate kube` - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created.
- The `podman play kube` command now supports building images. If the `--build` option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container.
- The `podman play kube` command now supports a new option, `--down`, which removes any pods and containers created by the given Kubernetes YAML.
- The `podman generate kube` command now generates annotations for SELinux mount options on volume (`:z` and `:Z`) that are respected by the `podman play kube` command.
- A new command has been added, `podman pod logs`, to return logs for all containers in a pod at the same time.
- Two new commands have been added, `podman volume export` (to export a volume to a tar file) and `podman volume import` (to populate a volume from a given tar file).
- The `podman auto-update` command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again.
- Pods now share their user namespace by default, and the `podman pod create` command now supports the `--userns` option. This allows rootless pods to be created with the `--userns=keep-id` option.
- The `podman pod ps` command now supports a new filter with its `--filter` option, `until`, which returns pods created before a given timestamp.
- The `podman image scp` command has been added. This command allows images to be transferred between different hosts.
- The `podman stats` command supports a new option, `--interval`, to specify the amount of time before the information is refreshed.
- The `podman inspect` command now includes ports exposed (but not published) by containers (e.g. ports from `--expose` when `--publish-all` is not specified).
- The `podman inspect` command now has a new boolean value, `Checkpointed`, which indicates that a container was stopped as a result of a `podman container checkpoint` operation.
- Volumes created by `podman volume create` now support setting quotas when run atop XFS. The `size` and `inode` options allow the maximum size and maximum number of inodes consumed by a volume to be limited.
- The `podman info` command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265).
- The `podman info` command now outputs the current log driver in use, and the variant and codename of the distribution in use.
- The parameters of the VM created by `podman machine init` (amount of disk space, memory, CPUs) can now be set in `containers.conf`.
- The `podman machine ls` command now shows additional information (CPUs, memory, disk size) about VMs managed by `podman machine`.
- The `podman ps` command now includes healthcheck status in container state for containers that have healthchecks (#11527).
Changes
- The `podman build` command has a new alias, `podman buildx`, to improve compatibility with Docker. We have already added support for many `docker buildx` flags to `podman build` and aim to continue to do so.
- Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages.
- The default log driver has been changed from `file` to `journald`. The `file` driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the `file` driver.
- Podman no longer depends on `ip` for removing networks (#11403).
- The deprecated `--macvlan` flag to `podman network create` now warns when it is used. It will be removed entirely in the Podman 4.0 release.
- The `podman machine start` command now prints a message when the VM is successfully started.
- The `podman stats` command can now be used on containers that are paused.
- The `podman unshare` command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run).
- Successful healthchecks will no longer add a `healthy` line to the system log to reduce log spam.
- As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by `podman machine` now default to only using the `docker.io` registry.
Bugfixes
- Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in containers.conf) would cause them to be parsed incorrectly.
- Fixed a bug where the Windows remote client improperly validated volume paths (#10900).
- Fixed a bug where the first line of logs from a container run with the journald log driver could be skipped.
- Fixed a bug where images created by podman commit did not include ports exposed by the container.
- Fixed a bug where the podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171).
- Fixed a bug where the --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352).
- Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443).
- Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container.
- Fixed a bug where rootless containers could fail to start the rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path.
- Fixed a bug where arguments to the --systemd option to podman create and podman run were case-sensitive (#11387).
- Fixed a bug where the podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344).
- Fixed a bug where the Podman remote client on OS X would not function properly if the TMPDIR environment variable was not set (#11418).
- Fixed a bug where the /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411).
- Fixed a bug where the podman machine start command could print warnings about unsupported CPU features (#11421).
- Fixed a bug where the podman info command could segfault when accessing cgroup information.
- Fixed a bug where the podman logs -f command could hang when a container exited (#11461).
- Fixed a bug where the podman generate systemd command could not be used on containers that specified a restart policy (#11438).
- Fixed a bug where the remote Podman client's podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474).
- Fixed a bug where the remote Podman client's podman build command would fail to build containers if the context directory was a symlink (#11732).
- Fixed a bug where the --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified.
- Fixed a bug where the podman inspect command could error when the container being inspected was removed as it was being inspected (#11392).
- Fixed a bug where the podman play kube command ignored the default pod infra image specified in containers.conf.
- Fixed a bug where the --format option to podman inspect was nonfunctional under some circumstances (#8785).
- Fixed a bug where the remote Podman client's podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496).
- Fixed a bug where the podman stats command would print nonsensical results if the container restarted while it was running (#11469).
- Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444).
- Fixed a bug where the podman run command could return 0 when the application in the container exited with 125 (#11540).
- Fixed a bug where containers with --restart=always set using the rootlessport port-forwarding service could not be restarted automatically.
- Fixed a bug where the --cgroups=split option to podman create and podman run ...
v3.4.0-RC2
This is the second release candidate for Podman v3.4.0. Preliminary release notes are below:
Features
- Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: "always", which always run before the pod is started, and "once", which only run the first time the pod starts and are subsequently removed. They can be added using the podman create command's --init-ctr option.
- Support for init containers has also been added to podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created.
- The podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container.
- The podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML.
- A new command has been added, podman pod logs, to return logs for all containers in a pod at the same time.
- Two new commands have been added, podman volume export (to export a volume to a tar file) and podman volume import (to populate a volume from a given tar file).
- The podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again.
- Pods now share their user namespace by default, and the podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option.
- The podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp.
- The podman image scp command has been added. This command allows images to be transferred between different hosts.
- The podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed.
- The podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified).
- The podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation.
- Volumes created by podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited.
- The podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265).
- The podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use.
Changes
- The podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so.
- Podman commands run as root now ignore XDG_RUNTIME_DIR when determining where to place temporary files, which should resolve a number of issues including #10745 and #10806.
- Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages.
- The default log driver has been changed from file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file driver.
- Podman no longer depends on ip for removing networks (#11403).
- The deprecated --macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release.
- The podman machine start command now prints a message when the VM is successfully started.
- The podman stats command can now be used on containers that are paused.
- The podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run).
- Successful healthchecks will no longer add a healthy line to the system log to reduce log spam.
- As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by podman machine now default to only using the docker.io registry.
Bugfixes
- Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in containers.conf) would cause them to be parsed incorrectly.
- Fixed a bug where the Windows remote client improperly validated volume paths (#10900).
- Fixed a bug where the first line of logs from a container run with the journald log driver could be skipped.
- Fixed a bug where images created by podman commit did not include ports exposed by the container.
- Fixed a bug where the podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171).
- Fixed a bug where the --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352).
- Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443).
- Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container.
- Fixed a bug where rootless containers could fail to start the rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path.
- Fixed a bug where arguments to the --systemd option to podman create and podman run were case-sensitive (#11387).
- Fixed a bug where the podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344).
- Fixed a bug where the Podman remote client on OS X would not function properly if the TMPDIR environment variable was not set (#11418).
- Fixed a bug where the /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411).
- Fixed a bug where the podman machine start command could print warnings about unsupported CPU features (#11421).
- Fixed a bug where the podman info command could segfault when accessing cgroup information.
- Fixed a bug where the podman logs -f command could hang when a container exited (#11461).
- Fixed a bug where the podman generate systemd command could not be used on containers that specified a restart policy (#11438).
- Fixed a bug where the remote Podman client's podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474).
- Fixed a bug where the --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified.
- Fixed a bug where the podman inspect command could error when the container being inspected was removed as it was being inspected (#11392).
- Fixed a bug where the podman play kube command ignored the default pod infra image specified in containers.conf.
- Fixed a bug where the --format option to podman inspect was nonfunctional under some circumstances (#8785).
- Fixed a bug where the remote Podman client's podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496).
- Fixed a bug where the podman stats command would print nonsensical results if the container restarted while it was running (#11469).
- Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444).
- Fixed a bug where the podman run command could return 0 when the application in the container exited with 125 (#11540).
- Fixed a bug where containers with --restart=always set using the rootlessport port-forwarding service could not be restarted automatically.
- Fixed a bug where the --cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod.
- Fixed a bug where the podman container runlabel command could fail if the image name given included a tag.
- Fixed a bug where Podman could add an extra 127.0.0.1 entry to /etc/hosts under some circumstances (#11596).
- Fixed a bug where the remote Podman client's podman untag command did not properly handle t...
v3.4.0-RC1
Features
- Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: "always", which always run before the pod is started, and "once", which only run the first time the pod starts and are subsequently removed. They can be added using the podman create command's --init-ctr option.
- Support for init containers has also been added to podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created.
- The podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container.
- The podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML.
- A new command has been added, podman pod logs, to return logs for all containers in a pod at the same time.
- Two new commands have been added, podman volume export (to export a volume to a tar file) and podman volume import (to populate a volume from a given tar file).
- The podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again.
- Pods now share their user namespace by default, and the podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option.
- The podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp.
- The podman image scp command has been added. This command allows images to be transferred between different hosts.
- The podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed.
- The podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified).
- The podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation.
- Volumes created by podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited.
- The podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265).
- The podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use.
Changes
- The podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so.
- Podman commands run as root now ignore XDG_RUNTIME_DIR when determining where to place temporary files, which should resolve a number of issues including #10745 and #10806.
- Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages.
- The default log driver has been changed from file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file driver.
- Podman no longer depends on ip for removing networks (#11403).
- The deprecated --macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release.
- The podman machine start command now prints a message when the VM is successfully started.
- The podman stats command can now be used on containers that are paused.
- The podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run).
- Successful healthchecks will no longer add a healthy line to the system log to reduce log spam.
- As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by podman machine now default to only using the docker.io registry.
Bugfixes
- Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in containers.conf) would cause them to be parsed incorrectly.
- Fixed a bug where the Windows remote client improperly validated volume paths (#10900).
- Fixed a bug where the first line of logs from a container run with the journald log driver could be skipped.
- Fixed a bug where images created by podman commit did not include ports exposed by the container.
- Fixed a bug where the podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171).
- Fixed a bug where the --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352).
- Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443).
- Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container.
- Fixed a bug where rootless containers could fail to start the rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path.
- Fixed a bug where arguments to the --systemd option to podman create and podman run were case-sensitive (#11387).
- Fixed a bug where the podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344).
- Fixed a bug where the Podman remote client on OS X would not function properly if the TMPDIR environment variable was not set (#11418).
- Fixed a bug where the /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411).
- Fixed a bug where the podman machine start command could print warnings about unsupported CPU features (#11421).
- Fixed a bug where the podman info command could segfault when accessing cgroup information.
- Fixed a bug where the podman logs -f command could hang when a container exited (#11461).
- Fixed a bug where the podman generate systemd command could not be used on containers that specified a restart policy (#11438).
- Fixed a bug where the remote Podman client's podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474).
- Fixed a bug where the --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified.
- Fixed a bug where the podman inspect command could error when the container being inspected was removed as it was being inspected (#11392).
- Fixed a bug where the podman play kube command ignored the default pod infra image specified in containers.conf.
- Fixed a bug where the --format option to podman inspect was nonfunctional under some circumstances (#8785).
- Fixed a bug where the remote Podman client's podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496).
- Fixed a bug where the podman stats command would print nonsensical results if the container restarted while it was running (#11469).
- Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444).
- Fixed a bug where the podman run command could return 0 when the application in the container exited with 125 (#11540).
- Fixed a bug where containers with --restart=always set using the rootlessport port-forwarding service could not be restarted automatically.
- Fixed a bug where the --cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod.
API
- The Libpod Pull endpoint for Images now has a new query parameter, quiet, which (when set to true) suppresses image pull progress reports (#10612).
- The Compat Events endpoint now includes several deprecated fields from the Docker v1.21 API for improved compatibility with older clients.
- The Compat Create endpoint for Containers now properly sets defaults for healthcheck-related fields ([#11225](h...