NAME
podman - Simple management tool for pods, containers and imagesSYNOPSIS
podman [options] commandDESCRIPTION
Podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. Podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most Podman commands can be run as a regular user, without requiring additional privileges.GLOBAL OPTIONS
--cgroup-manager=manager
The CGroup manager to use for container cgroups. Supported values are cgroupfs or systemd. Default is systemd unless overridden in the containers.conf file.--conmon
Path of the conmon binary (Default path is configured in containers.conf)--connection, -c
Connection to use for remote podman, including Mac and Windows (excluding WSL2) machines, (Default connection is configured in containers.conf) Setting this option will switch the --remote option to true. Remote connections use local containers.conf for default.--events-backend=type
Backend to use for storing events. Allowed values are file, journald, and none. When file is specified, the events are stored under <tmpdir>/events/events.log (see --tmpdir below).--help, -h
Print usage statement--hooks-dir=path
Each *.json file in the path configures a hook for Podman containers. For more details on the syntax of the JSON files and the semantics of hook injection, see oci-hooks(5). Podman and libpod currently support both the 1.0.0 and 0.1.0 hook schemas, although the 0.1.0 schema is deprecated.--identity=path
Path to ssh identity file. If the identity file has been encrypted, podman prompts the user for the passphrase. If no identity file is provided and no user is given, podman defaults to the user running the podman command. Podman prompts for the login password on the remote server.- command line value
- environment variable CONTAINER_SSHKEY, if CONTAINER_HOST is found
- containers.conf Remote connections use local containers.conf for default.
--log-level=level
Log messages at and above specified level: debug, info, warn, error, fatal or panic (default: "warn")--namespace=namespace
Set libpod namespace. Namespaces are used to separate groups of containers and pods in libpod's state. When namespace is set, created containers and pods will join the given namespace, and only containers and pods in the given namespace will be visible to Podman.--network-cmd-path=path
Path to the command binary to use for setting up a network. It is currently only used for setting up a slirp4netns network. If "" is used then the binary is looked up using the $PATH environment variable.--network-config-dir=directory
Path to the directory where network configuration files are located. For the CNI backend the default is "/etc/cni/net.d" as root and "$HOME/.config/cni/net.d" as rootless. For the netavark backend "/etc/containers/networks" is used as root and "$graphroot/networks" as rootless.--noout
Redirect stdout to /dev/null. This command will prevent all stdout from the Podman command. The --noout option will not block stderr or stdout from containers.--remote, -r
When true, access to the Podman service will be remote. Defaults to false. Settings can be modified in the containers.conf file. If the CONTAINER_HOST environment variable is set, the --remote option defaults to true.--root=value
Storage root dir in which data, including images, is stored (default: "/var/lib/containers/storage" for UID 0, "$HOME/.local/share/containers/storage" for other users). Default root dir configured in /etc/containers/storage.conf.--runroot=value
Storage state directory where all state information is stored (default: "/run/containers/storage" for UID 0, "/run/user/$UID/run" for other users). Default state dir configured in /etc/containers/storage.conf.--runtime=value
Name of the OCI runtime as specified in containers.conf or absolute path to the OCI compatible binary used to run containers.--runtime-flag=flag
Adds global flags for the container runtime. To list the supported flags, please consult the manpages of the selected container runtime ( runc is the default runtime, the manpage to consult is runc(8). When the machine is configured for cgroup V2, the default runtime is crun, the manpage to consult is crun(8).).--ssh=value
This option allows the user to change the ssh mode, meaning that rather than using the default golang mode, one can instead use --ssh=native to use the installed ssh binary and config file declared in containers.conf.--storage-driver=value
Storage driver. The default storage driver for UID 0 is configured in /etc/containers/storage.conf ( $HOME/.config/containers/storage.conf in rootless mode), and is vfs for non-root users when fuse-overlayfs is not available. The STORAGE_DRIVER environment variable overrides the default. The --storage-driver specified driver overrides all.--storage-opt=value
Storage driver option, Default storage driver options are configured in /etc/containers/storage.conf ( $HOME/.config/containers/storage.conf in rootless mode). The STORAGE_OPTS environment variable overrides the default. The --storage-opt specified options overrides all. If you specify --storage-opt="", no storage options will be used.--syslog
Output logging information to syslog as well as the console (default false).--tmpdir
Path to the tmp directory, for libpod runtime content. Defaults to $XDG\_RUNTIME\_DIR/libpod/tmp as rootless and run/libpod/tmp as rootful.--url=value
URL to access Podman service (default from containers.conf, rootless unix://run/user/$UID/podman/podman.sock or as root unix://run/podman/podman.sock). Setting this option will switch the --remote option to true.- •
- CONTAINER_HOST is of the format <schema>://[<user[:<password>]@]<host>[:<port>][<path>]
- schema is one of:
* ssh (default): a local unix(7) socket on the named host and port, reachable via SSH
* tcp: an unencrypted, unauthenticated TCP connection to the named host and port
* unix: a local unix(7) socket at the specified path, or the default for the user
- user will default to either root or the current running user (ssh only)
- password has no default (ssh only)
- host must be provided and is either the IP or name of the machine hosting the Podman service ( ssh and tcp)
- port defaults to 22 (ssh and tcp)
- path defaults to either /run/podman/podman.sock, or /run/user/$UID/podman/podman.sock if running rootless ( unix), or must be explicitly specified ( ssh)
- command line value
- environment variable CONTAINER_HOST
- containers.conf service_destinations table
- unix://run/podman/podman.sock
- unix://run/podman/podman.sock
- unix://run/user/$UID/podman/podman.sock
- ssh://notroot@localhost:22/run/user/$UID/podman/podman.sock
- ssh://root@localhost:22/run/podman/podman.sock
- tcp://localhost:34451
- tcp://127.0.0.1:34451
--version, -v
Print the version--volumepath=value
Volume directory where builtin volume information is stored (default: "/var/lib/containers/storage/volumes" for UID 0, "$HOME/.local/share/containers/storage/volumes" for other users). Default volume path can be overridden in containers.conf.Environment Variables
Podman can set up environment variables from env of [engine] table in containers.conf. These variables can be overridden by passing environment variables before the podman commands.CONTAINERS_CONF
Set default locations of containers.conf fileCONTAINERS_REGISTRIES_CONF
Set default location of the registries.conf file.CONTAINERS_STORAGE_CONF
Set default location of the storage.conf file.CONTAINER_CONNECTION
Override default --connection value to access Podman service. Also enabled --remote option.CONTAINER_HOST
Set default --url value to access Podman service. Also enabled --remote option.CONTAINER_SSHKEY
Set default --identity path to ssh key file value used to access Podman service.STORAGE_DRIVER
Set default --storage-driver value.STORAGE_OPTS
Set default --storage-opts value.TMPDIR
Set the temporary storage location of downloaded container images. Podman defaults to use /var/tmp.XDG_CONFIG_HOME
In Rootless mode configuration files are read from XDG_CONFIG_HOME when specified, otherwise in the home directory of the user under $HOME/.config/containers.XDG_DATA_HOME
In Rootless mode images are pulled under XDG_DATA_HOME when specified, otherwise in the home directory of the user under $HOME/.local/share/containers/storage.XDG_RUNTIME_DIR
In Rootless mode temporary configuration data is stored in ${XDG_RUNTIME_DIR}/containers.Remote Access
The Podman command can be used with remote services using the --remote flag. Connections can be made using local unix domain sockets, ssh or directly to tcp sockets. When specifying the podman --remote flag, only the global options --url, --identity, --log-level, --connection are used.Exit Codes
The exit code from podman gives information about why the container failed to run or why it exited. When podman commands exit with a non-zero code, the exit codes follow the chroot standard, see below:$ podman run --foo busybox; echo $? Error: unknown flag: --foo 125
$ podman run busybox /etc; echo $? Error: container_linux.go:346: starting container process caused "exec: \"/etc\": permission denied": OCI runtime error 126
$ podman run busybox foo; echo $?
Error: container_linux.go:346: starting container process caused "exec: \"foo\": executable file not found in $PATH": OCI runtime error
127
$ podman run busybox /bin/sh -c 'exit 3'; echo $? 3
COMMANDS
| Command | Description |
| podman-attach(1) | Attach to a running container. |
| podman-auto-update(1) | Auto update containers according to their auto-update policy |
| podman-build(1) | Build a container image using a Containerfile. |
| podman-commit(1) | Create new image based on the changed container. |
| podman-completion(1) | Generate shell completion scripts |
| podman-container(1) | Manage containers. |
| podman-cp(1) | Copy files/folders between a container and the local filesystem. |
| podman-create(1) | Create a new container. |
| podman-diff(1) | Inspect changes on a container or image's filesystem. |
| podman-events(1) | Monitor Podman events |
| podman-exec(1) | Execute a command in a running container. |
| podman-export(1) | Export a container's filesystem contents as a tar archive. |
| podman-generate(1) | Generate structured data based on containers, pods or volumes. |
| podman-healthcheck(1) | Manage healthchecks for containers |
| podman-history(1) | Show the history of an image. |
| podman-image(1) | Manage images. |
| podman-images(1) | List images in local storage. |
| podman-import(1) | Import a tarball and save it as a filesystem image. |
| podman-info(1) | Displays Podman related system information. |
| podman-init(1) | Initialize one or more containers |
| podman-inspect(1) | Display a container, image, volume, network, or pod's configuration. |
| podman-kill(1) | Kill the main process in one or more containers. |
| podman-load(1) | Load image(s) from a tar archive into container storage. |
| podman-login(1) | Login to a container registry. |
| podman-logout(1) | Logout of a container registry. |
| podman-logs(1) | Display the logs of one or more containers. |
| podman-machine(1) | Manage Podman's virtual machine |
| podman-manifest(1) | Create and manipulate manifest lists and image indexes. |
| podman-mount(1) | Mount a working container's root filesystem. |
| podman-network(1) | Manage Podman networks. |
| podman-pause(1) | Pause one or more containers. |
| podman-kube(1) | Play containers, pods or volumes based on a structured input file. |
| podman-pod(1) | Management tool for groups of containers, called pods. |
| podman-port(1) | List port mappings for a container. |
| podman-ps(1) | Prints out information about containers. |
| podman-pull(1) | Pull an image from a registry. |
| podman-push(1) | Push an image, manifest list or image index from local storage to elsewhere. |
| podman-rename(1) | Rename an existing container. |
| podman-restart(1) | Restart one or more containers. |
| podman-rm(1) | Remove one or more containers. |
| podman-rmi(1) | Removes one or more locally stored images. |
| podman-run(1) | Run a command in a new container. |
| podman-save(1) | Save image(s) to an archive. |
| podman-search(1) | Search a registry for an image. |
| podman-secret(1) | Manage podman secrets. |
| podman-start(1) | Start one or more containers. |
| podman-stats(1) | Display a live stream of one or more container's resource usage statistics. |
| podman-stop(1) | Stop one or more running containers. |
| podman-system(1) | Manage podman. |
| podman-tag(1) | Add an additional name to a local image. |
| podman-top(1) | Display the running processes of a container. |
| podman-unmount(1) | Unmount a working container's root filesystem. |
| podman-unpause(1) | Unpause one or more containers. |
| podman-unshare(1) | Run a command inside of a modified user namespace. |
| podman-untag(1) | Removes one or more names from a locally-stored image. |
| podman-update(1) | Updates the cgroup configuration of a given container. |
| podman-version(1) | Display the Podman version information. |
| podman-volume(1) | Simple management tool for volumes. |
| podman-wait(1) | Wait on one or more containers to stop and print their exit codes. |
CONFIGURATION FILES
containers.conf (/usr/share/containers/containers.conf, /etc/containers/containers.conf, $HOME/.config/containers/containers.conf)Rootless mode
Podman can also be used as non-root user. When podman runs in rootless mode, a user namespace is automatically created for the user, defined in /etc/subuid and /etc/subgid.$ sudo usermod --add-subuids 10000-75535 USERNAME $ sudo usermod --add-subgids 10000-75535 USERNAME
$ echo USERNAME:10000:65536 >> /etc/subuid $ echo USERNAME:10000:65536 >> /etc/subgid