Podman

New
trial
First Added: December 17, 2023 Updated: June 30, 2026

Podman is a daemonless OCI container engine with a Docker-compatible CLI and a rootless-by-default security model. Containers run as user processes; there is no background daemon to attack or babysit. We trial it for Linux hosts, CI runners, and rootless workflows without Docker Desktop licensing. It complements Rancher Desktop (trial) when you want a lightweight engine instead of a full desktop Kubernetes stack.

Blurb

The best free & open source container tools.

Summary

What you get: podman run, podman build (via Buildah), podman compose, pods, and optional remote APIs. Most commands work as a normal user with user namespaces. Images and containers follow Open Container Initiative specs, so they interoperate with Kubernetes and other OCI runtimes.

When to try:

| Situation | Why Podman |
| --- | --- |
| Linux laptop or server | Default on many RHEL/Fedora estates; strong systemd/Quadlet story |
| Rootless security | No setuid daemon; containers map root inside to your host UID |
| CI pipelines | Run builds and tests without Docker Desktop or a shared daemon |
| Docker script migration | alias docker=podman covers most day-to-day CLI use |

When to skip:

| Situation | Prefer instead |
| --- | --- |
| Desktop GUI plus local K8s | Rancher Desktop (trial) |
| macOS speed and polish | OrbStack (assess) or Rancher Desktop |
| Docker Swarm or plugins | Not supported; use Kubernetes |
| Every Compose edge case | Test podman compose first; some stacks assume Moby-only behavior |

Not a perfect drop-in: Swarm, plugins, and a few Compose or volume patterns still break. Pilot your repo before mandating Podman org-wide.

Details

| Topic | Notes |
| --- | --- |
| Install | https://podman.io/getting-started/installation (Linux primary; Podman Desktop for macOS/Windows) |
| Rootless | Needs /etc/subuid and /etc/subgid; pasta or slirp4netns for networking |
| Compose | podman compose for Compose files; verify against Docker Compose features you use |
| Builds | Image builds delegate to Buildah; Dockerfile workflow is familiar |
| Remote | podman --remote and API service for tools that expect a Docker socket |
| Dev Containers | Works when the IDE can reach a compatible socket; test with your stack |
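
The rootless prerequisites above (subordinate ID ranges plus pasta or slirp4netns), as an added preflight example that is not part of the original page or of Podman itself. It also shows how the default rootless mapping turns a container UID into a host UID. The function names are hypothetical, and the 65536 threshold is the conventional allocation size, assumed here rather than required.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Podman commands.

# subid_range FILE USER: print "START COUNT" of USER's first range.
# File format is one "name:start:count" entry per line.
subid_range() {
    awk -F: -v u="$2" '
        $1 == u && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ { print $2, $3; found = 1; exit }
        END { exit !found }' "$1"
}

# host_id_for HOST_ID START COUNT CONTAINER_ID: default rootless mapping.
# Container ID 0 is the invoking user; 1..COUNT come from the subordinate range.
host_id_for() {
    if [ "$4" -eq 0 ]; then
        echo "$1"
    elif [ "$4" -le "$3" ]; then
        echo $(( $2 + $4 - 1 ))
    else
        echo "unmapped"; return 1
    fi
}

# network_helper: print the first rootless network helper found on PATH.
network_helper() {
    for h in pasta slirp4netns; do
        command -v "$h" >/dev/null 2>&1 && { echo "$h"; return 0; }
    done
    return 1
}

# preflight USER [SUBUID_FILE] [SUBGID_FILE]: return 0 when prerequisites are met.
preflight() {
    user=$1; rc=0
    for f in "${2:-/etc/subuid}" "${3:-/etc/subgid}"; do
        if range=$(subid_range "$f" "$user" 2>/dev/null); then
            count=${range#* }
            # 65536 is the conventional allocation size (assumption, not a hard limit).
            [ "$count" -ge 65536 ] || echo "WARN: $f grants $user only $count IDs"
        else
            echo "FAIL: no entry for $user in $f"; rc=1
        fi
    done
    network_helper >/dev/null || { echo "FAIL: pasta and slirp4netns both missing"; rc=1; }
    return $rc
}

# Usage: preflight "$(id -un)" && host_id_for "$(id -u)" 100000 65536 33
```

A process running as UID 33 inside the container therefore appears on the host as an unprivileged subordinate UID, which is what to look for in host process listings and on files written to bind mounts.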

References