podman
-
Migration of Podman 4 to Podman 5 machines
Read more: Migration of Podman 4 to Podman 5 machinesLast week, I mentioned that Podman 5 is right around the corner and that more specific posts, especially about Podman machine, would be forthcoming. One of the biggest questions we receive when discussing Podman 5 is about migration of its machines. What is the migration path? The simple answer is that there is no upgrade…
-
Podman 5.0 containers.conf changes
Read more: Podman 5.0 containers.conf changesContainers.conf is our main configuration file for Podman, it holds various options to tweak the default Podman behavior. In this post you see the changes that we made to containers.conf with the Podman 5.0 release. The biggest change is making containers.conf read-only. Previously Podman modified the containers.conf file for storage of podman system connections and…
-
Podman 5.0 is around the corner
Read more: Podman 5.0 is around the cornerIn the coming days, the upstream Podman project will be releasing a major new version: Podman 5.0. When we decide to change our major version, it is because of changes to our API API or how Podman interacts with users. It is also an inflection point for introducing new technologies, setting new defaults, and for…
-
Interaction between User namespaces and Capabilities
Read more: Interaction between User namespaces and CapabilitiesUser namespaces and capabilities are important kernel functionality to make containers secure. They allow to better isolate containers and limit the privileges a container might have. A while back a user reported a bug where some odd behavior was noticed when namespaces are shared between containers which could lead to security problems. Lets take closer…
-
Podman v4.8 released!
Read more: Podman v4.8 released!We’re excited to announce that Podman v4.8.0 has been released! This release includes over 20 features and over 20 bugfixes each. Some highlights include: For a full list of changes, see our GitHub release page. Big thanks to our contributors and community! Try it out and let us know what you think! Upcoming Deprecation Notices:…
-
New Netavark firewalld reload service
Read more: New Netavark firewalld reload serviceOne longstanding problem with Podman is that your rootful containers may loose network connectivity after a while. For many users it is not be obvious what is causing such problems. Netavark configures NAT and port forwarding firewall rules. When another process is deleting our firewall rules the containers will loose connectivity. One such process is…
-
Podman’s main branch is now 5.0.0-dev
Read more: Podman’s main branch is now 5.0.0-devWe recently branched Podman 4.8 for a soon to be release. But the big news is our main branch is now 5.0.0-dev. For our users, this means a new major version of Podman has begun its genesis. What can users expect? We plan to begin releases of Podman 5.0.0 in early 2024. At this point,…
-
CNI deprecation and removal from Podman 5.0
Read more: CNI deprecation and removal from Podman 5.0As written in an earlier blog by Brent we are going to replace the older CNI stack Netavark and Aardvark-dns. With Podman 5.0 on the horizon we have decided that it will be the perfect time to drop CNI support from our upstream builds. As mentioned in the prior blog post we will most likely…
-
Why does SELinux container policy allow all Linux capabilities?
Read more: Why does SELinux container policy allow all Linux capabilities?I recently had a discussion in a container-selinux issue on why we allow certain capabilities by default for containers. The conversation is around DAC_OVERRIDE, a Linux capability which allows privileged processes, usually root, to ignore ownership and read/write permissions Discretionary Access Control (DAC). “As @wrabcak notes in Why do you see DAC_OVERRIDE SELinux denials?, In…
-
Podman Performance: Root and Rootless
Read more: Podman Performance: Root and RootlessOne of the frequent complaints I hear from users moving to Podman is about performance. I’ve always found this confusing, as the Podman team has spent significant time and effort on improving our performance, and we are quite confident that our speed is broadly comparable to Docker. Indeed, an academic paper found that Podman was…
Subscribe
Sign up with your email address to receive updates by email from this website.
Latest news
- Podman 6 Release Delayed
- Podman Standups!
- Closing the Performance Gap: Automating Podman Benchmarks Across Linux, macOS, and Windows
- Podman, Buildah, and Skopeo import paths
- Faster Podman Workloads on macOS and Windows
Categories
- Advanced (11)
- Announcement (28)
- Articles (5)
- Blog (23)
- Buildah (3)
- Community (6)
- New Feature (12)
- Newcomer (23)
- Podman (22)
- Podman Desktop (2)
- Releases (4)
- Skopeo (3)
- Tips and Tricks (19)
- Tutorials (3)
- Uncategorized (14)