podman(1)() podman(1)()

podman - Simple management tool for pods, containers and images

podman [options] command

Podman (Pod Manager) is a fully featured container engine that is a
simple daemonless tool. Podman provides a Docker-CLI comparable command
line that eases the transition from other container engines and allows
the management of pods, containers and images. Simply put:
alias docker=podman. Most Podman commands can be run as a regular
user, without requiring additional privileges.

Podman uses Buildah(1) internally to create container images. Both
tools share image (not container) storage, hence each can use or
manipulate images (but not containers) created by the other.

Default settings for flags are defined in containers.conf. Most
settings for Remote connections use the server's containers.conf, except
when documented in man pages.

podman [GLOBAL OPTIONS]

--cgroup-manager=manager
The CGroup manager to use for container cgroups. Supported values are
cgroupfs or systemd. Default is systemd unless overridden in the
containers.conf file.

Note: Setting this flag can cause certain commands to break when called
on containers previously created by the other CGroup manager type.
Note: CGroup manager is not supported in rootless mode when using
CGroups Version V1.

--cni-config-dir
Path of the configuration directory for CNI networks. (Default:
/etc/cni/net.d)

--connection, -c
Connection to use for remote podman (Default connection is configured
in containers.conf). Remote connections use local containers.conf for
default.

--conmon
Path of the conmon binary (Default path is configured in
containers.conf)

--events-backend=type
Backend to use for storing events. Allowed values are file, journald,
and none. When file is specified, the events are stored under a
subdirectory of the tmpdir location (see --tmpdir below).

--help, -h
Print usage statement

--hooks-dir=path
Each *.json file in the path configures a hook for Podman containers.
For more details on the syntax of the JSON files and the semantics of
hook injection, see oci-hooks(5). Podman and libpod currently support
both the 1.0.0 and 0.1.0 hook schemas, although the 0.1.0 schema is
deprecated.

This option may be set multiple times; paths from later options have
higher precedence (oci-hooks(5) discusses directory precedence).

For the annotation conditions, libpod uses any annotations set in the
generated OCI configuration.

For the bind-mount conditions, only mounts explicitly requested by the
caller via --volume are considered. Bind mounts that libpod inserts by
default (e.g. /dev/shm) are not considered.

If --hooks-dir is unset for root callers, Podman and libpod will
currently default to /usr/share/containers/oci/hooks.d and
/etc/containers/oci/hooks.d in order of increasing precedence. Using
these defaults is deprecated, and callers should migrate to explicitly
setting --hooks-dir.

Podman and libpod currently support an additional precreate state which
is called before the runtime's create operation. Unlike the other
stages, which receive the container state on their standard input,
precreate hooks receive the proposed runtime configuration on their
standard input. They may alter that configuration as they see fit, and
write the altered form to their standard output.

WARNING: the precreate hook lets you do powerful things, such as adding
additional mounts to the runtime configuration. That power also makes
it easy to break things. Before reporting libpod errors, try running
your container with precreate hooks disabled to see if the problem is
due to one of your hooks.
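
A precreate hook of the kind described above, as an added example that is not part of the Podman man page or project code: it reads the proposed runtime configuration from standard input, applies a small hardening policy, and writes the altered form to standard output. The denied-capability list, the hook path and the policy itself are assumptions for illustration; the field names are those of the OCI runtime configuration.

```python
#!/usr/bin/env python3
"""Precreate hook (added example): harden the proposed OCI runtime config.

Registered by a JSON file in a --hooks-dir directory, for example
(the path is hypothetical; schema per oci-hooks(5), version 1.0.0):

  {"version": "1.0.0",
   "hook": {"path": "/usr/local/libexec/harden-precreate.py"},
   "when": {"always": true},
   "stages": ["precreate"]}
"""
import json
import sys

# Assumed site policy: capabilities no container may keep.
DENIED_CAPS = frozenset({"CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_PTRACE"})
# Capability sets defined by the OCI runtime configuration.
CAP_SETS = ("bounding", "effective", "inheritable", "permitted", "ambient")


def harden(config):
    """Apply the policy to config in place; return a list of changes made."""
    changes = []
    process = config.setdefault("process", {})

    if process.get("noNewPrivileges") is not True:
        process["noNewPrivileges"] = True
        changes.append("set process.noNewPrivileges=true")

    caps = process.get("capabilities") or {}
    for set_name in CAP_SETS:
        current = caps.get(set_name) or []
        kept = [cap for cap in current if cap not in DENIED_CAPS]
        if kept != current:
            dropped = sorted(set(current) - set(kept))
            caps[set_name] = kept
            changes.append(f"dropped {','.join(dropped)} from {set_name}")
    return changes


def main():
    try:
        config = json.load(sys.stdin)
    except json.JSONDecodeError as exc:
        # Exit non-zero instead of echoing an unparsed configuration back.
        print(f"precreate hook: invalid config on stdin: {exc}", file=sys.stderr)
        return 1
    if not isinstance(config, dict):
        print("precreate hook: config is not a JSON object", file=sys.stderr)
        return 1

    # Diagnostics go to stderr; stdout carries only the altered configuration.
    for change in harden(config):
        print(f"precreate hook: {change}", file=sys.stderr)
    json.dump(config, sys.stdout)
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Because the hook rewrites every container's configuration, log each change as done here so that a container failing after the hook ran can be traced back to it.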

--identity=path
Path to ssh identity file. If the identity file has been encrypted,
podman prompts the user for the passphrase. If no identity file is
provided and no user is given, podman defaults to the user running the
podman command. Podman prompts for the login password on the remote
server.

Identity value resolution precedence:
- command line value
- environment variable CONTAINER_SSHKEY, if CONTAINER_HOST is found
- containers.conf

Remote connections use local containers.conf for default.

--log-level=level
Log messages at and above specified level: debug, info, warn, error,
fatal or panic (default: "warn")

--namespace=namespace
Set libpod namespace. Namespaces are used to separate groups of
containers and pods in libpod's state. When namespace is set, created
containers and pods will join the given namespace, and only containers
and pods in the given namespace will be visible to Podman.

--network-cmd-path=path
Path to the command binary to use for setting up a network. It is
currently only used for setting up a slirp4netns network. If "" is used
then the binary is looked up using the $PATH environment variable.

--remote, -r
When set, access to the Podman service is remote. Remote connections
use local containers.conf for default.

--url=value
URL to access Podman service (default from containers.conf, rootless
unix://run/user/$UID/podman/podman.sock or as root
unix://run/podman/podman.sock).

• CONTAINER_HOST is of the format
  <schema>://[<user[:<password>]@]<host>[:<port>][<path>]

Details:
- user will default to either root or current running user
- password has no default
- host must be provided and is either the IP or name of the machine
  hosting the Podman service
- port defaults to 22
- path defaults to either /run/podman/podman.sock, or
  /run/user/<uid>/podman/podman.sock if running rootless.

URL value resolution precedence:
- command line value
- environment variable CONTAINER_HOST
- containers.conf
- unix://run/podman/podman.sock

Remote connections use local containers.conf for default.
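
The resolution order and the CONTAINER_HOST format above, worked through as an added example (not Podman's own code): it picks the URL by the documented precedence, fills in the documented defaults, and lists points a reviewer would want to see before trusting a connection setting. The function names, the sample host, applying the port default only to ssh URLs, and treating `uid` as the account on the machine hosting the service are assumptions.

```python
"""Resolve and inspect the Podman service URL (added example)."""
import os
from urllib.parse import urlsplit

# Final fallback, kept exactly as the page prints it.
FALLBACK_URL = "unix://run/podman/podman.sock"


def resolve_url(cli_value=None, environ=None, conf_value=None):
    """Return (url, source) following the page's precedence order."""
    environ = os.environ if environ is None else environ
    candidates = (
        ("command line", cli_value),
        ("CONTAINER_HOST", environ.get("CONTAINER_HOST")),
        ("containers.conf", conf_value),
    )
    for source, value in candidates:
        if value:
            return value, source
    return FALLBACK_URL, "built-in default"


def inspect_url(url, current_user="root", uid=0):
    """Fill in the documented defaults; return (info, findings)."""
    parts = urlsplit(url)
    findings = []
    if parts.scheme == "unix":
        # Local socket: everything after the scheme is the socket path.
        return {"scheme": "unix", "path": url[len("unix://"):]}, findings
    if not parts.hostname:
        raise ValueError("host must be provided")

    rootless_path = f"/run/user/{uid}/podman/podman.sock"
    info = {
        "scheme": parts.scheme,
        "user": parts.username or current_user,
        "host": parts.hostname,
        # Assumption: the default of 22 is applied to ssh URLs only.
        "port": parts.port or (22 if parts.scheme == "ssh" else None),
        "path": parts.path or (rootless_path if uid != 0 else "/run/podman/podman.sock"),
    }
    # The password is reported but deliberately not copied into info.
    if parts.password is not None:
        findings.append(
            "password embedded in URL: it is exposed wherever the URL is "
            "stored (environment, shell history); prefer --identity"
        )
    if parts.scheme == "tcp":
        findings.append(
            "tcp transport: no ssh layer; confirm the channel is protected "
            "some other way"
        )
    return info, findings
```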

--root=value
Storage root dir in which data, including images, is stored (default:
"/var/lib/containers/storage" for UID 0,
"$HOME/.local/share/containers/storage" for other users). Default root
dir configured in /etc/containers/storage.conf.

Overriding this option will cause the storage-opt settings in
/etc/containers/storage.conf to be ignored. The user must specify
additional options via the --storage-opt flag.

--runroot=value
Storage state directory where all state information is stored (default:
"/run/containers/storage" for UID 0, "/run/user/$UID/run" for other
users). Default state dir configured in /etc/containers/storage.conf.

--runtime=value
Name of the OCI runtime as specified in containers.conf or absolute
path to the OCI compatible binary used to run containers.

--runtime-flag=flag
Adds global flags for the container runtime. To list the supported
flags, please consult the manpages of the selected container runtime
(runc is the default runtime; the manpage to consult is runc(8). When
the machine is configured for cgroup V2, the default runtime is crun;
the manpage to consult is crun(8)).

Note: Do not pass the leading -- to the flag. To pass the runc flag
--log-format json to podman build, the option given would be
--runtime-flag log-format=json.

--storage-driver=value
Storage driver. The default storage driver for UID 0 is configured in
/etc/containers/storage.conf ($HOME/.config/containers/storage.conf in
rootless mode), and is vfs for non-root users when fuse-overlayfs is
not available. The STORAGE_DRIVER environment variable overrides the
default. The --storage-driver specified driver overrides all.

Overriding this option will cause the storage-opt settings in
/etc/containers/storage.conf to be ignored. The user must specify
additional options via the --storage-opt flag.

--storage-opt=value
Storage driver option. Default storage driver options are configured in
/etc/containers/storage.conf ($HOME/.config/containers/storage.conf in
rootless mode). The STORAGE_OPTS environment variable overrides the
default. The --storage-opt specified options override all. If you
specify --storage-opt="", no storage options will be used.

--syslog=true|false
Output logging information to syslog as well as the console (default
false).

On remote clients, logging is directed to the file
$HOME/.config/containers/podman.log.

--tmpdir
Path to the tmp directory, for libpod runtime content.

NOTE: --tmpdir is not used for the temporary storage of downloaded
images. Use the environment variable TMPDIR to change the temporary
storage location of downloaded container images. Podman defaults to use
/var/tmp.

--version, -v
Print the version

Podman can set up environment variables from env of [engine] table in
containers.conf. These variables can be overridden by passing
environment variables before the podman commands.

The Podman command can be used with remote services using the --remote
flag. Connections can be made using local unix domain sockets, ssh or
directly to tcp sockets. When specifying the podman --remote flag, only
the global options --url, --identity, --log-level, --connection are
used.

Connection information can also be managed using the containers.conf
file.

The exit code from podman gives information about why the container
failed to run or why it exited. When podman commands exit with a
non-zero code, the exit codes follow the chroot standard, see below:

125 The error is with podman itself

    $ podman run --foo busybox; echo $?
    Error: unknown flag: --foo
    125

126 Executing a contained command and the command cannot be invoked

    $ podman run busybox /etc; echo $?
    Error: container_linux.go:346: starting container process caused "exec: \"/etc\": permission denied": OCI runtime error
    126

127 Executing a contained command and the command cannot be found

    $ podman run busybox foo; echo $?
    Error: container_linux.go:346: starting container process caused "exec: \"foo\": executable file not found in $PATH": OCI runtime error
    127

Exit code  contained command exit code

    $ podman run busybox /bin/sh -c 'exit 3'; echo $?
    3

Command                Description
podman-attach(1)       Attach to a running container.
podman-auto-update(1)  Auto update containers according to their auto-update policy
podman-build(1)        Build a container image using a Containerfile.
podman-commit(1)       Create new image based on the changed container.
podman-completion(1)   Generate shell completion scripts
podman-container(1)    Manage containers.
podman-cp(1)           Copy files/folders between a container and the local filesystem.
podman-create(1)       Create a new container.
podman-diff(1)         Inspect changes on a container or image's filesystem.
podman-events(1)       Monitor Podman events
podman-exec(1)         Execute a command in a running container.
podman-export(1)       Export a container's filesystem contents as a tar archive.
podman-generate(1)     Generate structured data based on containers, pods or volumes.
podman-healthcheck(1)  Manage healthchecks for containers
podman-history(1)      Show the history of an image.
podman-image(1)        Manage images.
podman-images(1)       List images in local storage.
podman-import(1)       Import a tarball and save it as a filesystem image.
podman-info(1)         Displays Podman related system information.
podman-init(1)         Initialize one or more containers
podman-inspect(1)      Display a container, image, volume, network, or pod's configuration.
podman-kill(1)         Kill the main process in one or more containers.
podman-load(1)         Load image(s) from a tar archive into container storage.
podman-login(1)        Login to a container registry.
podman-logout(1)       Logout of a container registry.
podman-logs(1)         Display the logs of one or more containers.
podman-machine(1)      Manage Podman's virtual machine
podman-manifest(1)     Create and manipulate manifest lists and image indexes.
podman-mount(1)        Mount a working container's root filesystem.
podman-network(1)      Manage Podman CNI networks.
podman-pause(1)        Pause one or more containers.
podman-play(1)         Play containers, pods or volumes based on a structured input file.
podman-pod(1)          Management tool for groups of containers, called pods.
podman-port(1)         List port mappings for a container.
podman-ps(1)           Prints out information about containers.
podman-pull(1)         Pull an image from a registry.
podman-push(1)         Push an image, manifest list or image index from local storage to elsewhere.
podman-rename(1)       Rename an existing container.
podman-restart(1)      Restart one or more containers.
podman-rm(1)           Remove one or more containers.
podman-rmi(1)          Removes one or more locally stored images.
podman-run(1)          Run a command in a new container.
podman-save(1)         Save image(s) to an archive.
podman-search(1)       Search a registry for an image.
podman-secret(1)       Manage podman secrets.
podman-start(1)        Start one or more containers.
podman-stats(1)        Display a live stream of one or more container's resource usage statistics.
podman-stop(1)         Stop one or more running containers.
podman-system(1)       Manage podman.
podman-tag(1)          Add an additional name to a local image.
podman-top(1)          Display the running processes of a container.
podman-unmount(1)      Unmount a working container's root filesystem.
podman-unpause(1)      Unpause one or more containers.
podman-unshare(1)      Run a command inside of a modified user namespace.
podman-untag(1)        Removes one or more names from a locally-stored image.
podman-version(1)      Display the Podman version information.
podman-volume(1)       Simple management tool for volumes.
podman-wait(1)         Wait on one or more containers to stop and print their exit codes.

containers.conf (/usr/share/containers/containers.conf,
/etc/containers/containers.conf, $HOME/.config/containers/containers.conf)

Podman has builtin defaults for command line options. These defaults
can be overridden using the containers.conf configuration files.

Distributions ship the /usr/share/containers/containers.conf file with
their default settings. Administrators can override fields in this file
by creating the /etc/containers/containers.conf file. Users can further
modify defaults by creating the $HOME/.config/containers/containers.conf
file. Podman merges its builtin defaults with the specified fields from
these files, if they exist. Fields specified in the user's file override
the administrator's file, which overrides the distribution's file, which
overrides the built-in defaults.

Podman uses builtin defaults if no containers.conf file is found.

If the CONTAINERS_CONF environment variable is set, then its value is
used for the containers.conf file rather than the default.

mounts.conf (/usr/share/containers/mounts.conf)

The mounts.conf file specifies volume mount directories that are
automatically mounted inside containers when executing the podman run or
podman start commands. Administrators can override the defaults file by
creating /etc/containers/mounts.conf.

When Podman runs in rootless mode, the file
$HOME/.config/containers/mounts.conf will override the default if it
exists. Please refer to containers-mounts.conf(5) for further details.

policy.json (/etc/containers/policy.json)

Signature verification policy files are used to specify policy, e.g.
trusted keys, applicable when deciding whether to accept an image, or
individual signatures of that image, as valid.

registries.conf (/etc/containers/registries.conf,
$HOME/.config/containers/registries.conf)

registries.conf is the configuration file which specifies which
container registries should be consulted when completing image names
which do not include a registry or domain portion.

Non root users of Podman can create the
$HOME/.config/containers/registries.conf file to be used instead of the
system defaults.

If the CONTAINERS_REGISTRIES_CONF environment variable is set, then its
value is used for the registries.conf file rather than the default.

storage.conf (/etc/containers/storage.conf,
$HOME/.config/containers/storage.conf)

storage.conf is the storage configuration file for all tools using
containers/storage.

The storage configuration file specifies all of the available container
storage options for tools using shared container storage.

When Podman runs in rootless mode, the file
$HOME/.config/containers/storage.conf is used instead of the system
defaults.

If the CONTAINERS_STORAGE_CONF environment variable is set, then its
value is used for the storage.conf file rather than the default.

Podman can also be used as a non-root user. When podman runs in rootless
mode, a user namespace is automatically created for the user, defined
in /etc/subuid and /etc/subgid.

Containers created by a non-root user are not visible to other users
and are not seen or managed by Podman running as root.

It is required to have multiple uids/gids set for a user. Be sure the
user is present in the files /etc/subuid and /etc/subgid.

If you have a recent version of usermod, you can execute the following
commands to add the ranges to the files:

    $ sudo usermod --add-subuids 10000-75535 USERNAME
    $ sudo usermod --add-subgids 10000-75535 USERNAME

Or just add the content manually.

    $ echo USERNAME:10000:65536 >> /etc/subuid
    $ echo USERNAME:10000:65536 >> /etc/subgid

See the subuid(5) and subgid(5) man pages for more information.
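
The two forms above describe the same range in different notations (FIRST-LAST for usermod, start:count in the file), and reusing the manual lines unchanged for a second user gives both users the same subordinate IDs, so their rootless containers map onto the same host IDs. The following added example (not part of the man page) parses subuid/subgid content, reports ranges shared between users, and lists users without a usable range; the function names and the sample file content are constructed for illustration.

```python
"""Check /etc/subuid or /etc/subgid content for rootless Podman (added example)."""


def parse_subid(text):
    """Parse 'name:start:count' lines into (name, start, count) tuples."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected name:start:count")
        name, start, count = fields
        try:
            entries.append((name, int(start), int(count)))
        except ValueError:
            raise ValueError(f"line {lineno}: start and count must be integers")
    return entries


def usermod_range(start, count):
    """FIRST-LAST form of a start:count entry, as usermod --add-subuids takes it."""
    return f"{start}-{start + count - 1}"


def find_overlaps(entries):
    """Return (owner_a, owner_b, first, last) for IDs granted to two owners."""
    overlaps = []
    for i, (name_a, start_a, count_a) in enumerate(entries):
        for name_b, start_b, count_b in entries[i + 1:]:
            if name_a == name_b:
                continue  # several ranges for one user are legitimate
            first = max(start_a, start_b)
            last = min(start_a + count_a, start_b + count_b) - 1
            if first <= last:
                overlaps.append((name_a, name_b, first, last))
    return overlaps


def users_without_range(entries, users):
    """Users lacking an entry with more than one ID (rootless needs several)."""
    covered = {name for name, _start, count in entries if count > 1}
    return [user for user in users if user not in covered]


# Constructed sample: the manual line from the page reused for two users,
# plus a third user with a non-overlapping range.
SAMPLE_SUBUID = """\
# name:start:count
alice:10000:65536
bob:10000:65536
carol:141072:65536
"""

if __name__ == "__main__":
    parsed = parse_subid(SAMPLE_SUBUID)
    for a, b, first, last in find_overlaps(parsed):
        print(f"overlap: {a} and {b} share {first}-{last}")
    for user in users_without_range(parsed, ["alice", "dave"]):
        print(f"no usable range: {user}")
```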

Images are pulled under XDG_DATA_HOME when specified, otherwise in the
home directory of the user under .local/share/containers/storage.

Currently the slirp4netns package is required to be installed to create
a network device, otherwise rootless containers need to run in the
network namespace of the host.

In certain environments like HPC (High Performance Computing), users
cannot take advantage of the additional UIDs and GIDs from the
/etc/subuid and /etc/subgid systems. However, in this environment,
rootless Podman can operate with a single UID. To make this work, set
the ignore_chown_errors option in the /etc/containers/storage.conf or
in ~/.config/containers/storage.conf files. This option tells Podman
when pulling an image to ignore chown errors when attempting to change
a file in a container image to match the non-root UID in the image.
This means all files get saved as the user's UID. Note this could cause
issues when running the container.

NOTE: Unsupported file systems in rootless mode
The Overlay file system (OverlayFS) is not supported with kernels prior
to 5.12.9 in rootless mode. The fuse-overlayfs package is a tool that
provides the functionality of OverlayFS in user namespace that allows
mounting file systems in rootless environments. It is recommended to
install the fuse-overlayfs package. In rootless mode, Podman will
automatically use the fuse-overlayfs program as the mount_program if
installed, as long as the $HOME/.config/containers/storage.conf file was
not previously created. If storage.conf exists in the homedir, add
mount_program = "/usr/bin/fuse-overlayfs" under
[storage.options.overlay] to enable this feature.

The Network File System (NFS) and other distributed file systems (for
example: Lustre, Spectrum Scale, the General Parallel File System
(GPFS)) are not supported when running in rootless mode as these file
systems do not understand user namespace. However, rootless Podman can
make use of an NFS Homedir by modifying the
$HOME/.config/containers/storage.conf to have the graphroot option
point to a directory stored on local (Non NFS) storage.

For more information, please refer to the Podman Troubleshooting Page.

containers-mounts.conf(5), containers-registries.conf(5),
containers-storage.conf(5), buildah(1), containers.conf(5), oci-hooks(5),
containers-policy.json(5), crun(8), runc(8), subuid(5), subgid(5),
slirp4netns(1), conmon(8).

Dec 2016, Originally compiled by Dan Walsh dwalsh@redhat.com