1podman(1) General Commands Manual podman(1)
2
6 podman - Simple management tool for pods, containers and images
7
10 podman [options] command
11
14 Podman (Pod Manager) is a fully featured container engine that is a
15 simple daemonless tool. Podman provides a Docker-CLI comparable
16 command line that eases the transition from other container engines and
17 allows the management of pods, containers and images. Simply put:
18 alias docker=podman. Most Podman commands can be run as a regular
19 user, without requiring additional privileges.
20 Podman uses Buildah(1) internally to create container images. Both
23 tools share image (not container) storage, hence each can use or
24 manipulate images (but not containers) created by the other.
25 podman [GLOBAL OPTIONS]
28
31 --help, -h
32 Print usage statement
35 --cgroup-manager
38 CGroup manager to use for container cgroups. Supported values are
41 cgroupfs or systemd (default). Setting this flag can cause certain
42 commands to break when called on containers created by the other CGroup
43 manager type.
44 --cpu-profile
47 Path to where the cpu performance results should be written
50 --hooks-dir=path
53 Each *.json file in the path configures a hook for Podman containers.
56 For more details on the syntax of the JSON files and the semantics of
57 hook injection, see oci-hooks(5). Podman and libpod currently support
58 both the 1.0.0 and 0.1.0 hook schemas, although the 0.1.0 schema is
59 deprecated.
60 This option may be set multiple times; paths from later options have
63 higher precedence (oci-hooks(5) discusses directory precedence).
64 For the annotation conditions, libpod uses any annotations set in the
67 generated OCI configuration.
68 For the bind-mount conditions, only mounts explicitly requested by the
71 caller via --volume are considered. Bind mounts that libpod inserts by
72 default (e.g. /dev/shm) are not considered.
73 If --hooks-dir is unset for root callers, Podman and libpod will
76 currently default to /usr/share/containers/oci/hooks.d and
77 /etc/containers/oci/hooks.d in order of increasing precedence. Using
78 these defaults is deprecated, and callers should migrate to explicitly
79 setting --hooks-dir.
80 Podman and libpod currently support an additional precreate state which
83 is called before the runtime's create operation. Unlike the other
84 stages, which receive the container state on their standard input,
85 precreate hooks receive the proposed runtime configuration on their
86 standard input. They may alter that configuration as they see fit, and
87 write the altered form to their standard output.
88 WARNING: the precreate hook lets you do powerful things, such as adding
91 additional mounts to the runtime configuration. That power also makes
92 it easy to break things. Before reporting libpod errors, try running
93 your container with precreate hooks disabled to see if the problem is
94 due to one of your hooks.
95 --log-level
98 Log messages above specified level: debug, info, warn, error (default),
101 fatal or panic
102 --namespace
105 Set libpod namespace. Namespaces are used to separate groups of
108 containers and pods in libpod's state. When namespace is set, created
109 containers and pods will join the given namespace, and only containers
110 and pods in the given namespace will be visible to Podman.
111 --root=value
114 Storage root dir in which data, including images, is stored (default:
117 "/var/lib/containers/storage" for UID 0,
118 "$HOME/.local/share/containers/storage" for other users). Default root
119 dir is configured in /etc/containers/storage.conf.
120 --runroot=value
123 Storage state directory where all state information is stored (default:
126 "/var/run/containers/storage" for UID 0, "/var/run/user/$UID/run" for
127 other users). Default state dir is configured in
128 /etc/containers/storage.conf.
129 --runtime=value
132 Name of the OCI runtime as specified in libpod.conf or absolute path to
135 the OCI compatible binary used to run containers.
136 --network-cmd-path=path Path to the command binary to use for setting
139 up a network. It is currently only used for setting up a slirp4netns
140 network. If "" is used then the binary is looked up using the $PATH
141 environment variable.
142 --storage-driver=value
145 Storage driver. The default storage driver for UID 0 is configured in
148 /etc/containers/storage.conf ($HOME/.config/containers/storage.conf in
149 rootless mode), and is vfs for non-root users when fuse-overlayfs is
150 not available. The STORAGE_DRIVER environment variable overrides the
151 default. The --storage-driver specified driver overrides all.
152 Overriding this option will cause the storage-opt settings in
155 /etc/containers/storage.conf to be ignored. The user must specify
156 additional options via the --storage-opt flag.
157 --storage-opt=value
160 Storage driver option, Default storage driver options are configured in
163 /etc/containers/storage.conf ($HOME/.config/containers/storage.conf in
164 rootless mode). The STORAGE_OPTS environment variable overrides the
165 default. The --storage-opt specified options overrides all.
166 --syslog
169 output logging information to syslog as well as the console
172 --version, -v
175 Print the version
178
181 The exit code from podman gives information about why the container
182 failed to run or why it exited. When podman commands exit with a
183 non-zero code, the exit codes follow the chroot standard, see below:
184 125 if the error is with podman itself
187 $ podman run --foo busybox; echo $?
190 # flag provided but not defined: --foo
191 See 'podman run --help'.
192 125
193 126 if executing a container command and the the command cannot be
197 invoked
198 $ podman run busybox /etc; echo $?
201 # exec: "/etc": permission denied
202 podman: Error response from daemon: Contained command could not be invoked
203 126
204 127 if executing a container command and the the command cannot be
208 found
209 $ podman run busybox foo; echo $?
210 # exec: "foo": executable file not found in $PATH
211 podman: Error response from daemon: Contained command not found
212 or does not exist
213 127
214 Exit code of container command otherwise
217 $ podman run busybox /bin/sh -c 'exit 3'
220 # 3
221
225 ┌──────────────────────┬────────────────────────────────┐
226 │Command │ Description │
227 ├──────────────────────┼────────────────────────────────┤
228 │podman-attach(1) │ Attach to a running container. │
229 ├──────────────────────┼────────────────────────────────┤
230 │podman-build(1) │ Build a container image using │
231 │ │ a Dockerfile. │
232 ├──────────────────────┼────────────────────────────────┤
233 │podman-commit(1) │ Create new image based on the │
234 │ │ changed container. │
235 ├──────────────────────┼────────────────────────────────┤
236 │podman-container(1) │ Manage containers. │
237 ├──────────────────────┼────────────────────────────────┤
238 │podman-cp(1) │ Copy files/folders between a │
239 │ │ container and the local │
240 │ │ filesystem. │
241 ├──────────────────────┼────────────────────────────────┤
242 │podman-create(1) │ Create a new container. │
243 ├──────────────────────┼────────────────────────────────┤
244 │podman-diff(1) │ Inspect changes on a container │
245 │ │ or image's filesystem. │
246 ├──────────────────────┼────────────────────────────────┤
247 │podman-events(1) │ Monitor Podman events │
248 ├──────────────────────┼────────────────────────────────┤
249 │podman-exec(1) │ Execute a command in a running │
250 │ │ container. │
251 ├──────────────────────┼────────────────────────────────┤
252 │podman-export(1) │ Export a container's │
253 │ │ filesystem contents as a tar │
254 │ │ archive. │
255 ├──────────────────────┼────────────────────────────────┤
256 │podman-generate(1) │ Generate structured data based │
257 │ │ for a containers and pods. │
258 ├──────────────────────┼────────────────────────────────┤
259 │podman-healthcheck(1) │ Manage healthchecks for │
260 │ │ containers │
261 ├──────────────────────┼────────────────────────────────┤
262 │podman-history(1) │ Show the history of an image. │
263 ├──────────────────────┼────────────────────────────────┤
264 │podman-image(1) │ Manage images. │
265 ├──────────────────────┼────────────────────────────────┤
266 │podman-images(1) │ List images in local storage. │
267 ├──────────────────────┼────────────────────────────────┤
268 │podman-import(1) │ Import a tarball and save it │
269 │ │ as a filesystem image. │
270 ├──────────────────────┼────────────────────────────────┤
271 │podman-info(1) │ Displays Podman related system │
272 │ │ information. │
273 ├──────────────────────┼────────────────────────────────┤
274 │podman-init(1) │ Initialize a container │
275 ├──────────────────────┼────────────────────────────────┤
276 │podman-inspect(1) │ Display a container or image's │
277 │ │ configuration. │
278 ├──────────────────────┼────────────────────────────────┤
279 │podman-kill(1) │ Kill the main process in one │
280 │ │ or more containers. │
281 ├──────────────────────┼────────────────────────────────┤
282 │podman-load(1) │ Load an image from a container │
283 │ │ image archive into container │
284 │ │ storage. │
285 ├──────────────────────┼────────────────────────────────┤
286 │podman-login(1) │ Login to a container registry. │
287 ├──────────────────────┼────────────────────────────────┤
288 │podman-logout(1) │ Logout of a container │
289 │ │ registry. │
290 ├──────────────────────┼────────────────────────────────┤
291 │podman-logs(1) │ Display the logs of a │
292 │ │ container. │
293 ├──────────────────────┼────────────────────────────────┤
294 │podman-mount(1) │ Mount a working container's │
295 │ │ root filesystem. │
296 ├──────────────────────┼────────────────────────────────┤
297 │podman-pause(1) │ Pause one or more containers. │
298 ├──────────────────────┼────────────────────────────────┤
299 │podman-play(1) │ Play pods and containers based │
300 │ │ on a structured input file. │
301 ├──────────────────────┼────────────────────────────────┤
302 │podman-pod(1) │ Management tool for groups of │
303 │ │ containers, called pods. │
304 ├──────────────────────┼────────────────────────────────┤
305 │podman-port(1) │ List port mappings for a │
306 │ │ container. │
307 ├──────────────────────┼────────────────────────────────┤
308 │podman-ps(1) │ Prints out information about │
309 │ │ containers. │
310 ├──────────────────────┼────────────────────────────────┤
311 │podman-pull(1) │ Pull an image from a registry. │
312 ├──────────────────────┼────────────────────────────────┤
313 │podman-push(1) │ Push an image from local │
314 │ │ storage to elsewhere. │
315 ├──────────────────────┼────────────────────────────────┤
316 │podman-restart(1) │ Restart one or more │
317 │ │ containers. │
318 ├──────────────────────┼────────────────────────────────┤
319 │podman-rm(1) │ Remove one or more containers. │
320 ├──────────────────────┼────────────────────────────────┤
321 │podman-rmi(1) │ Removes one or more locally │
322 │ │ stored images. │
323 ├──────────────────────┼────────────────────────────────┤
324 │podman-run(1) │ Run a command in a new │
325 │ │ container. │
326 ├──────────────────────┼────────────────────────────────┤
327 │podman-save(1) │ Save an image to a container │
328 │ │ archive. │
329 ├──────────────────────┼────────────────────────────────┤
330 │podman-search(1) │ Search a registry for an │
331 │ │ image. │
332 ├──────────────────────┼────────────────────────────────┤
333 │podman-start(1) │ Start one or more containers. │
334 ├──────────────────────┼────────────────────────────────┤
335 │podman-stats(1) │ Display a live stream of one │
336 │ │ or more container's resource │
337 │ │ usage statistics. │
338 ├──────────────────────┼────────────────────────────────┤
339 │podman-stop(1) │ Stop one or more running │
340 │ │ containers. │
341 ├──────────────────────┼────────────────────────────────┤
342 │podman-system(1) │ Manage podman. │
343 ├──────────────────────┼────────────────────────────────┤
344 │podman-tag(1) │ Add an additional name to a │
345 │ │ local image. │
346 ├──────────────────────┼────────────────────────────────┤
347 │podman-top(1) │ Display the running processes │
348 │ │ of a container. │
349 ├──────────────────────┼────────────────────────────────┤
350 │podman-umount(1) │ Unmount a working container's │
351 │ │ root filesystem. │
352 ├──────────────────────┼────────────────────────────────┤
353 │podman-unpause(1) │ Unpause one or more │
354 │ │ containers. │
355 ├──────────────────────┼────────────────────────────────┤
356 │podman-unshare(1) │ Run a command inside of a │
357 │ │ modified user namespace. │
358 ├──────────────────────┼────────────────────────────────┤
359 │podman-varlink(1) │ Runs the varlink backend │
360 │ │ interface. │
361 ├──────────────────────┼────────────────────────────────┤
362 │podman-version(1) │ Display the Podman version │
363 │ │ information. │
364 ├──────────────────────┼────────────────────────────────┤
365 │podman-volume(1) │ Manage Volumes. │
366 ├──────────────────────┼────────────────────────────────┤
367 │podman-wait(1) │ Wait on one or more containers │
368 │ │ to stop and print their exit │
369 │ │ codes. │
370 └──────────────────────┴────────────────────────────────┘
371
373 libpod.conf (/usr/share/containers/libpod.conf)
374 libpod.conf is the configuration file for all tools using libpod to manage containers, when run as root. Administrators can override the defaults file by creating `/etc/containers/libpod.conf`. When Podman runs in rootless mode, the file `$HOME/.config/containers/libpod.conf` is created and replaces some fields in the system configuration file.
377 Podman uses builtin defaults if no libpod.conf file is found.
379 mounts.conf (/usr/share/containers/mounts.conf)
383 The mounts.conf file specifies volume mount directories that are automatically mounted inside containers when executing the `podman run` or `podman start` commands. Administrators can override the defaults file by creating `/etc/containers/mounts.conf`.
386 When Podman runs in rootless mode, the file
390 $HOME/.config/containers/mounts.conf will override the default if it
391 exists. Please refer to containers-mounts.conf(5) for further details.
392 policy.json (/etc/containers/policy.json)
395 Signature verification policy files are used to specify policy, e.g. trusted keys, applicable when deciding whether to accept an image, or individual signatures of that image, as valid.
398 registries.conf (/etc/containers/registries.conf)
402 registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion.
405 Non root users of Podman can create the `$HOME/.config/containers/registries.conf` file to be used instead of the system defaults.
407 storage.conf (/etc/containers/storage.conf)
411 storage.conf is the storage configuration file for all tools using containers/storage
414 The storage configuration file specifies all of the available container storage options for tools using shared container storage.
416 When Podman runs in rootless mode, the file `$HOME/.config/containers/storage.conf` is used instead of the system defaults.
418
422 Podman can also be used as non-root user. When podman runs in rootless
423 mode, a user namespace is automatically created for the user, defined
424 in /etc/subuid and /etc/subgid.
425 Containers created by a non-root user are not visible to other users
428 and are not seen or managed by podman running as root.
429 It is required to have multiple uids/gids set for an user. Be sure the
432 user is present in the files /etc/subuid and /etc/subgid.
433 If you have a recent version of usermod, you can execute the following
436 commands to add the ranges to the files
437 $ sudo usermod --add-subuids 10000-75535 USERNAME
440 $ sudo usermod --add-subgids 10000-75535 USERNAME
441 Or just add the content manually.
445 $ echo USERNAME:10000:65536 >> /etc/subuid
448 $ echo USERNAME:10000:65536 >> /etc/subgid
449 See the subuid(5) and subgid(5) man pages for more information.
453 Images are pulled under XDG_DATA_HOME when specified, otherwise in the
456 home directory of the user under .local/share/containers/storage.
457 Currently the slirp4netns package is required to be installed to create
460 a network device, otherwise rootless containers need to run in the
461 network namespace of the host.
462
465 containers-mounts.conf(5), containers-registries.conf(5),
466 containers-storage.conf(5), buildah(1), libpod.conf(5), oci-hooks(5),
467 policy.json(5), subuid(5), subgid(5), slirp4netns(1)
468
471 Dec 2016, Originally compiled by Dan Walsh ⟨dwalsh@redhat.com⟩
472 podman(1)