Podman 5.0 containers.conf changes

Containers.conf is our main configuration file for Podman; it holds various options to tweak the default Podman behavior. This post describes the changes that we made to containers.conf with the Podman 5.0 release.

The biggest change is making containers.conf read-only. Previously, Podman modified the containers.conf file to store podman system connections and farms. Writing containers.conf was problematic because it removed all comments and potentially reordered the user options. To address this, we decided to stop using containers.conf for system connections and farm information and instead store this content in a new file called podman-connections.json, next to the old containers.conf file. This new file must only be managed by Podman and not edited directly by users. Podman continues to support the old config options such as [engine.service_destinations] and the [farms] section, so it is still possible to add connections/farms manually if needed. This also preserves backwards compatibility, as Podman 5.0 can still read connections created with 4.X and lower. However, it is no longer possible to delete such a connection with podman system connection rm. Podman-py is also updated to support reading connections from the podman-connections.json file.

Another change is support for a per-user config file as root. Previously, Podman only searched /usr/share/containers and /etc/containers; now it also looks for $XDG_CONFIG_HOME/containers or $HOME/.config/containers when running as root, just like it does for rootless users. This is needed on systems where Podman is used both as root and rootless and a default option needs to be changed only for root. Because rootless also always reads /etc/containers, this was not possible before.

Containers.conf supports some new config fields:

  • The retry and retry_delay options under the [engine] section allow you to specify the default number of retries and the pause time between retries for image pull and push operations. This is useful if your network is not very stable and you often encounter intermittent failures. The default is 3 retries with a delay of 1 second.
  • The firewall_driver option under the [network] section specifies the default firewall driver for netavark. Supported values are iptables, none (no firewall rules will be created), nftables and firewalld (firewalld is experimental at the moment and not recommended outside of testing).
  • A default home directory volume for podman machine init on the Hyper-V hypervisor was added, allowing users to share files in the home directory with the VM by default.
  • The interface_name option under the [containers] section can be set to device to let Podman assign the same network interface name in the container as on the host when using the macvlan or ipvlan network driver.
