Podman

Latest version: v5.2.0


4.3.1

Bugfixes
- Fixed a deadlock between the `podman ps` and `podman container inspect` commands

Misc
- Updated the containers/image library to v5.23.1

4.3.0

Not secure
Features
- A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers.
- A new command, `podman update`, has been added, which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted ([15067](https://github.com/containers/podman/issues/15067)).
- A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command).
- The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend.
- Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers).
- Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers).
- The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml` ([#14955](https://github.com/containers/podman/issues/14955)).
- The `podman kube play` command now supports the `emptyDir` volume type ([13309](https://github.com/containers/podman/issues/13309)).
- The `podman kube play` command now supports the `HostUsers` field in the pod spec.
- The `podman play kube` command now supports `binaryData` in ConfigMaps.
- The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options.
- The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user ([15402](https://github.com/containers/podman/issues/15402)).
- The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out.
- Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images.
- The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge "PATH=$PATH:/my/app" ...`) ([15288](https://github.com/containers/podman/issues/15288)).
- The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container).
- The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will map the user running Podman to UID 11 in the container) ([15294](https://github.com/containers/podman/issues/15294)).
- The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file ([15523](https://github.com/containers/podman/issues/15523)).
- The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options.
- The `podman restart` command now supports the `--cidfile` and `--filter` options.
- The `podman rm` command now supports the `--filter` option to select which containers will be removed.
- The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images.
- The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility.
- The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility.
- The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility ([14767](https://github.com/containers/podman/issues/14767)).
- The `podman manifest create` command now accepts a new option, `--amend`/`-a`.
- The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility.
- The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`.
- The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets.
- The `podman secret ls` command now accepts the `--quiet`/`-q` option.
- The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format.
- The `podman stats` command now accepts the `--no-trunc` option.
- The `podman save` command now accepts the `--signature-policy` option ([15869](https://github.com/containers/podman/issues/15869)).
- The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods ([15674](https://github.com/containers/podman/issues/15674)).
- A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility.
- The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set ([14707](https://github.com/containers/podman/issues/14707)).

Changes
- Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match ([4217](https://github.com/containers/podman/issues/4217)).
- The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function.
- A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success.
- When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored.
- The installer for the Windows Podman client has been improved.
- The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers) ([15666](https://github.com/containers/podman/issues/15666)).
- Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container ([15878](https://github.com/containers/podman/issues/15878)).
- Events for containers that are part of a pod now include the ID of the pod in the event.
- SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication.
- The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this.
- The `podman inspect` command on containers now includes the digest of the image used to create the container.
- Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled.

Bugfixes
- Fixed a bug where the `podman network prune` and `podman container prune` commands did not properly support the `--filter label!=` option ([14182](https://github.com/containers/podman/issues/14182)).
- Fixed a bug where the `podman kube generate` command added an unnecessary `Secret: null` line to generated YAML ([15156](https://github.com/containers/podman/issues/15156)).
- Fixed a bug where the `podman kube generate` command did not set `enableServiceLinks` and `automountServiceAccountToken` to false in generated YAML ([15478](https://github.com/containers/podman/issues/15478) and [#15243](https://github.com/containers/podman/issues/15243)).
- Fixed a bug where the `podman kube play` command did not properly handle CPU limits ([15726](https://github.com/containers/podman/issues/15726)).
- Fixed a bug where the `podman kube play` command did not respect default values for liveness probes ([15855](https://github.com/containers/podman/issues/15855)).
- Fixed a bug where the `podman kube play` command did not bind ports if `hostPort` was not specified but `containerPort` was ([15942](https://github.com/containers/podman/issues/15942)).
- Fixed a bug where the `podman kube play` command sometimes did not create directories on the host for `hostPath` volumes.
- Fixed a bug where the remote Podman client's `podman manifest push` command did not display progress.
- Fixed a bug where the `--filter "{{.Config.Healthcheck}}"` option to `podman image inspect` did not print the image's configured healthcheck ([14661](https://github.com/containers/podman/issues/14661)).
- Fixed a bug where the `podman volume create -o timeout=` option could be specified even when no volume plugin was in use.
- Fixed a bug where the `podman rmi` command did not emit `untag` events when removing tagged images ([15485](https://github.com/containers/podman/issues/15485)).
- Fixed a bug where API forwarding with `podman machine` VMs on Windows could sometimes fail because the pipe was not created in time ([14811](https://github.com/containers/podman/issues/14811)).
- Fixed a bug where the `podman pod rm` command could error if removal of a container in the pod was interrupted by a reboot.
- Fixed a bug where the `exited` and `exec died` events for containers did not include the container's labels ([15617](https://github.com/containers/podman/issues/15617)).
- Fixed a bug where running Systemd containers on a system not using Systemd as PID 1 could fail ([15647](https://github.com/containers/podman/issues/15647)).
- Fixed a bug where Podman did not pass all necessary environment variables (including `$PATH`) to Conmon when starting containers ([15707](https://github.com/containers/podman/issues/15707)).
- Fixed a bug where the `podman events` command could function improperly when no events were present ([15688](https://github.com/containers/podman/issues/15688)).
- Fixed a bug where the `--format` flag to various Podman commands did not properly handle template strings including a newline (`\n`) ([13446](https://github.com/containers/podman/issues/13446)).
- Fixed a bug where Systemd-managed pods would kill every container in a pod when a single container exited ([14546](https://github.com/containers/podman/issues/14546)).
- Fixed a bug where the `podman generate systemd` command would generate incorrect YAML for pods created without the `--name` option.
- Fixed a bug where the `podman generate systemd --new` command did not properly set stop timeout ([16149](https://github.com/containers/podman/issues/16149)).
- Fixed a bug where a broken OCI spec resulting from the system rebooting while a container is being started could cause the `podman inspect` command to be unable to inspect the container until it was restarted.
- Fixed a bug where creating a container with a working directory on an overlay volume would result in the container being unable to start ([15789](https://github.com/containers/podman/issues/15789)).
- Fixed a bug where attempting to remove a pod with running containers without `--force` would not error and instead would result in the pod, and its remaining containers, being placed in an unusable state ([15526](https://github.com/containers/podman/issues/15526)).
- Fixed a bug where memory limits reported by `podman stats` could exceed the maximum memory available on the system ([15765](https://github.com/containers/podman/issues/15765)).
- Fixed a bug where the `podman container clone` command did not properly handle environment variables whose value contained an `=` character ([15836](https://github.com/containers/podman/issues/15836)).
- Fixed a bug where the remote Podman client would not print the container ID when running the `podman-remote run --attach stdin` command.
- Fixed a bug where the `podman machine list --format json` command did not properly show machine starting status.
- Fixed a bug where automatic updates would not error when attempting to update a container with a non-fully qualified image name ([15879](https://github.com/containers/podman/issues/15879)).
- Fixed a bug where the `podman pod logs --latest` command could panic ([15556](https://github.com/containers/podman/issues/15556)).
- Fixed a bug where Podman could leave lingering network namespace mounts on the system if cleaning up the network failed.
- Fixed a bug where specifying an unsupported URI scheme for `podman system service` to listen at would result in a panic.
- Fixed a bug where the `podman kill` command would sometimes not transition containers to the exited state ([16142](https://github.com/containers/podman/issues/16142)).

API
- Fixed a bug where the Compat DF endpoint reported incorrect reference counts for volumes ([15720](https://github.com/containers/podman/issues/15720)).
- Fixed a bug in the Compat Inspect endpoint for Networks where an incorrect network option was displayed, causing issues with `docker-compose` ([15580](https://github.com/containers/podman/issues/15580)).
- The Libpod Restore endpoint for Containers now features a new query parameter, `pod`, to set the pod that the container will be restored into ([15018](https://github.com/containers/podman/issues/15018)).
- Fixed a bug where the REST API could panic while retrieving images.
- Fixed a bug where a cancelled connection to several endpoints could induce a memory leak.

Misc
- Error messages when attempting to remove an image used by a non-Podman container have been improved ([15006](https://github.com/containers/podman/issues/15006)).
- Podman will no longer print a warning that `/` is not a shared mount when run inside a container ([15295](https://github.com/containers/podman/issues/15295)).
- Work is ongoing to port Podman to FreeBSD.
- The output of `podman generate systemd` has been adjusted to improve readability.
- A number of performance improvements have been made to `podman create` and `podman run`.
- A major reworking of the manpages to ensure duplicated options between commands have the same description text has been performed.
- Updated Buildah to v1.28.0
- Updated the containers/image library to v5.23.0
- Updated the containers/storage library to v1.43.0
- Updated the containers/common library to v0.50.1

4.3.0rc1

This is the first release candidate for Podman v4.3.0. Full release notes are not available, and will be compiled as part of the release.

4.2.1

Features
- Added support for Sigstore signatures (`sigstoreSigned`) to the `podman image trust set` and `podman image trust show` commands.
- The `podman image trust show` command now recognizes new `lookaside` field names.
- The `podman image trust show` command now recognizes `keyPaths` in `signedBy` entries.

Changes
- BREAKING CHANGE: `podman image trust show` may now show multiple entries for the same scope, to better represent separate requirements. GPG IDs on a single row now always represent alternative keys, only one of which is required; if multiple sets of keys are required, each is represented by a single line.
- The `podman generate kube` command no longer adds the `bind-mount-options` annotation to generated Service YAML ([15208](https://github.com/containers/podman/issues/15208)).

Bugfixes
- Fixed a bug where Podman could deadlock when using `podman kill` to send signals to containers ([15492](https://github.com/containers/podman/issues/15492)).
- Fixed a bug where the `podman image trust set` command would silently discard unknown fields.
- Fixed a bug where the `podman image trust show` command would not show signature enforcement configuration for the default scope.
- Fixed a bug where the `podman image trust show` command would silently ignore multiple kinds of requirements in a single scope.
- Fixed a bug where a typo in the `podman-kube.service` unit file would cause warnings when running `systemctl status` on the unit.
- Fixed a bug where the `--compress` option to `podman image save` was incorrectly allowed with the `oci-dir` format.
- Fixed a bug where the `podman container clone` command did not properly clone environment variables ([15242](https://github.com/containers/podman/issues/15242)).
- Fixed a bug where Podman would not accept environment variables with whitespace in their keys ([15251](https://github.com/containers/podman/issues/15251)).
- Fixed a bug where Podman would not accept file paths containing the `:` character, preventing some commands from being used with `podman machine` on Windows ([15247](https://github.com/containers/podman/issues/15247)).
- Fixed a bug where the `podman top` command would report new capabilities as unknown.
- Fixed a bug where running Podman in a container could cause fatal errors about an inability to create cgroups ([15498](https://github.com/containers/podman/issues/15498)).
- Fixed a bug where the `podman generate kube` command could generate incorrect YAML when the `bind-mount-options` was used ([15170](https://github.com/containers/podman/issues/15170)).
- Fixed a bug where generated container names were deterministic, instead of random ([15569](https://github.com/containers/podman/issues/15569)).
- Fixed a bug where the `podman events` command would not work with custom `--format` specifiers ([15648](https://github.com/containers/podman/issues/15648)).

API
- Fixed a bug where the Compat List endpoint for Containers did not sort the `HostConfig.Binds` field as Docker does.
- Fixed a bug where the Compat List endpoint for Containers sent the name (instead of ID) of the image the container was based on.
- Fixed a bug where the Compat Connect endpoint for Networks would return an error (instead of 200) when attempting to connect a container to a network it was already connected to ([15499](https://github.com/containers/podman/issues/15499)).
- Fixed a bug where the Compat Events endpoint set an incorrect status for image removal events (`remove` instead of `delete`) ([15485](https://github.com/containers/podman/issues/15485)).

4.2.0

Not secure
Podman Desktop
As part of our work to better integrate Podman into macOS and Windows, we have also been working on a new project, [Podman Desktop](https://podman-desktop.io/), which provides a GUI to help developers interact with Podman. Podman Desktop is still in its early days, but already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure Podman settings (proxies).

Features
- Podman now supports the GitLab Runner (using the Docker executor), allowing its use in GitLab CI/CD pipelines.
- A new command has been added, `podman pod clone`, to create a copy of an existing pod. It supports several options, including `--start` to start the new pod, `--destroy` to remove the original pod, and `--name` to change the name of the new pod ([12843](https://github.com/containers/podman/issues/12843)).
- A new command has been added, `podman volume reload`, to sync changes in state between Podman's database and any configured volume plugins ([14207](https://github.com/containers/podman/issues/14207)).
- A new command has been added, `podman machine info`, which displays information about the host and the versions of various machine components.
- Pods created by `podman play kube` can now be managed by systemd unit files. This can be done via a new systemd service, `podman-kube.service` - e.g. `systemctl --user start podman-play-kube$(systemd-escape my.yaml).service` will run the Kubernetes pod or deployment contained in `my.yaml` under systemd.
- The `podman play kube` command now honors the `RunAsUser`, `RunAsGroup`, and `SupplementalGroups` setting from the Kubernetes pod's security context.
- The `podman play kube` command now supports volumes with the `BlockDevice` and `CharDevice` types ([13951](https://github.com/containers/podman/issues/13951)).
- The `podman play kube` command now features a new flag, `--userns`, to set the user namespace of created pods. Two values are allowed at present: `host` and `auto` ([7504](https://github.com/containers/podman/issues/7504)).
- The `podman play kube` command now supports setting the type of created init containers via the `io.podman.annotations.init.container.type` annotation.
- Pods now include an exit policy (configurable via the `--exit-policy` option to `podman pod create`), which determines what will happen to the pod's infra container when the entire pod stops. The default, `continue`, acts as Podman currently does, while a new option, `stop`, stops the infra container after the last container in the pod stops, and is used by default for pods from `podman play kube` ([13464](https://github.com/containers/podman/issues/13464)).
- The `podman pod create` command now allows the pod's name to be specified as an argument, instead of using the `--name` option - for example, `podman pod create mypod` instead of the prior `podman pod create --name mypod`. Please note that the `--name` option is not deprecated and will continue to work.
- The `podman pod create` command's `--share` option now supports adding namespaces to the set by prefacing them with `+` (as opposed to specifying all namespaces that should be shared) ([13422](https://github.com/containers/podman/issues/13422)).
- The `podman pod create` command has a new option, `--shm-size`, to specify the size of the `/dev/shm` mount that will be shared if the pod shares its UTS namespace ([14609](https://github.com/containers/podman/issues/14609)).
- The `podman pod create` command has a new option, `--uts`, to configure the UTS namespace that will be shared by containers in the pod.
- The `podman pod create` command now supports setting pod-level resource limits via the `--cpus`, `--cpuset-cpus`, and `--memory` options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
- The `podman create` and `podman run` commands now include the `-c` short option for the `--cpu-shares` option.
- The `podman create` and `podman run` commands can now create containers from a manifest list (and not an image) as long as the `--platform` option is specified ([14773](https://github.com/containers/podman/issues/14773)).
- The `podman build` command now supports a new option, `--cpp-flag`, to specify options for the C preprocessor when using `Containerfile.in` files that require preprocessing.
- The `podman build` command now supports a new option, `--build-context`, allowing the user to specify an additional build context.
- The `podman machine inspect` command now prints the location of the VM's Podman API socket on the host ([14231](https://github.com/containers/podman/issues/14231)).
- The `podman machine init` command on Windows now fetches an image with packages pre-installed ([14698](https://github.com/containers/podman/issues/14698)).
- Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change ([14697](https://github.com/containers/podman/issues/14697)).
- The default for the `--image-volume` option to `podman run` and `podman create` can now be set through the `image_volume_mode` setting in `containers.conf` ([14230](https://github.com/containers/podman/issues/14230)).
- Overlay volumes now support two new options, `workdir` and `upperdir`, to allow multiple overlay volumes from different containers to reuse the same `workdir` or `upperdir` ([14427](https://github.com/containers/podman/issues/14427)).
- The `podman volume create` command now supports two new options, `copy` and `nocopy`, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
- Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the `--opt o=timeout=` option to `podman volume create` ([BZ 2080458](https://bugzilla.redhat.com/show_bug.cgi?id=2080458)).
- The `podman volume ls` command's `--filter name=` option now supports regular expression matching for volume names ([14583](https://github.com/containers/podman/issues/14583)).
- When used with a `podman machine` VM, volumes now support specification of the 9p security model using the `security_model` option to `podman create -v` and `podman run -v`.
- The remote Podman client's `podman push` command now supports the `--remove-signatures` option ([14558](https://github.com/containers/podman/issues/14558)).
- The remote Podman client now supports the `podman image scp` command.
- The `podman image scp` command now supports tagging the transferred image with a new name.
- The `podman network ls` command supports a new filter, `--filter dangling=`, to list networks not presently used by any containers ([14595](https://github.com/containers/podman/issues/14595)).
- The `--condition` option to `podman wait` can now be specified multiple times to wait on any one of multiple conditions.
- The `podman events` command now includes the `-f` short option for the `--filter` option.
- The `podman pull` command now includes the `-a` short option for the `--all-tags` option.
- The `podman stop` command now includes a new flag, `--filter`, to filter which containers will be stopped (e.g. `podman stop --all --filter label=COM.MY.APP`).
- The Podman global option `--url` now has two aliases: `-H` and `--host`.
- The `podman network create` command now supports a new option with the default `bridge` driver, `--opt isolate=`, which isolates the network by blocking any traffic from it to any other network with the `isolate` option enabled. This option is enabled by default for networks created using the Docker-compatible API.
- Added the ability to create sigstore signatures in `podman push` and `podman manifest push`.
- Added an option to read image signing passphrase from a file.

Changes
- Paused containers can now be killed with the `podman kill` command.
- The `podman system prune` command now removes unused networks.
- The `--userns=keep-id` and `--userns=nomap` options to the `podman run` and `podman create` commands are no longer allowed (instead of simply being ignored) with root Podman.
- If the `/run` directory for a container is part of a volume, Podman will not create the `/run/.containerenv` file ([14577](https://github.com/containers/podman/issues/14577)).
- The `podman machine stop` command on macOS now waits for the machine to be completely stopped to exit ([14148](https://github.com/containers/podman/issues/14148)).
- All `podman machine` commands now only support being run as rootless, given that VMs only functioned when run rootless.
- The `podman unpause --all` command will now only attempt to unpause containers that are paused, not all containers.
- Init containers created with `podman play kube` now default to the `once` type ([14877](https://github.com/containers/podman/issues/14877)).
- Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested ([15048](https://github.com/containers/podman/issues/15048)).
- The `podman create`, `podman run`, and `podman cp` commands can now autocomplete paths in the image or container via the shell completion.
- The `libpod/common` package has been removed as it's not used anywhere.
- The `--userns` option to `podman create` and `podman run` is no longer accepted when an explicit UID or GID mapping is specified ([15233](https://github.com/containers/podman/issues/15233)).

Bugfixes
- Fixed a bug where bind-mounting `/dev` into a container which used the `--init` flag would cause the container to fail to start ([14251](https://github.com/containers/podman/issues/14251)).
- Fixed a bug where the `podman image mount` command would not pretty-print its output when multiple images were mounted.
- Fixed a bug where the `podman volume import` command would print an unrelated error when attempting to import into a nonexistent volume ([14411](https://github.com/containers/podman/issues/14411)).
- Fixed a bug where the `podman system reset` command could race against other Podman commands ([9075](https://github.com/containers/podman/issues/9075)).
- Fixed a bug where privileged containers were not able to restart if the layout of host devices changed ([13899](https://github.com/containers/podman/issues/13899)).
- Fixed a bug where the `podman cp` command would overwrite directories with non-directories and vice versa. A new `--overwrite` flag to `podman cp` allows for retaining the old behavior if needed ([14420](https://github.com/containers/podman/issues/14420)).
- Fixed a bug where the `podman machine ssh` command would not preserve the exit code from the command run via ssh ([14401](https://github.com/containers/podman/issues/14401)).
- Fixed a bug where VMs created by `podman machine` would fail to start when created with more than 3072MB of RAM on Macs with M1 CPUs ([14303](https://github.com/containers/podman/issues/14303)).
- Fixed a bug where the `podman machine init` command would fail when run from `C:\Windows\System32` on Windows systems ([14416](https://github.com/containers/podman/issues/14416)).
- Fixed a bug where the `podman machine init --now` did not respect proxy environment variables ([14640](https://github.com/containers/podman/issues/14640)).
- Fixed a bug where the `podman machine init` command would fail if there is no `$HOME/.ssh` dir ([14572](https://github.com/containers/podman/issues/14572)).
- Fixed a bug where the `podman machine init` command would add a connection even if creating the VM failed ([15154](https://github.com/containers/podman/issues/15154)).
- Fixed a bug where interrupting the `podman machine start` command could render the VM unable to start.
- Fixed a bug where the `podman machine list --format` command would still print a heading.
- Fixed a bug where the `podman machine list` command did not properly set the `Starting` field ([14738](https://github.com/containers/podman/issues/14738)).
- Fixed a bug where the `podman machine start` command could fail to start QEMU VMs when the machine name started with a number.
- Fixed a bug where Podman Machine VMs with proxy variables could not be started more than once ([14636](https://github.com/containers/podman/issues/14636) and [#14837](https://github.com/containers/podman/issues/14837)).
- Fixed a bug where containers created using the Podman API would, when the Podman API service was managed by systemd, be killed when the API service was stopped ([BZ 2052697](https://bugzilla.redhat.com/show_bug.cgi?id=2052697)).
- Fixed a bug where the `podman -h` command did not show help output.
- Fixed a bug where the `podman wait` command (and the associated REST API endpoint) could return before a container had fully exited, breaking some tools like the GitLab Runner.
- Fixed a bug where healthchecks generated `exec` events, instead of `health_status` events ([13493](https://github.com/containers/podman/issues/13493)).
- Fixed a bug where the `podman pod ps` command could return an error when run at the same time as `podman pod rm` ([14736](https://github.com/containers/podman/issues/14736)).
- Fixed a bug where the `podman system df` command incorrectly calculated reclaimable storage for volumes ([13516](https://github.com/containers/podman/issues/13516)).
- Fixed a bug where an exported container checkpoint using a non-default OCI runtime could not be restored.
- Fixed a bug where Podman, when used with a recent runc version, could not remove paused containers.
- Fixed a bug where the remote Podman client's `podman manifest rm` command would remove images, not manifests ([14763](https://github.com/containers/podman/issues/14763)).
- Fixed a bug where Podman did not correctly parse wildcards for device major number in the `podman run` and `podman create` commands' `--device-cgroup-rule` option.
- Fixed a bug where the `podman play kube` command calculated the total memory incorrectly on 32-bit systems ([14819](https://github.com/containers/podman/issues/14819)).
- Fixed a bug where the `podman generate kube` command could set ports and hostname incorrectly in generated YAML ([13030](https://github.com/containers/podman/issues/13030)).
- Fixed a bug where the `podman system df --format "{{ json . }}"` command would not output the `Size` and `Reclaimable` fields ([14769](https://github.com/containers/podman/issues/14769)).
- Fixed a bug where the remote Podman client's `podman pull` command would display duplicate progress output.
- Fixed a bug where the `podman system service` command could leak memory when a client unexpectedly closed a connection when reading events or logs ([14879](https://github.com/containers/podman/issues/14879)).
- Fixed a bug where Podman containers could fail to run if the image did not contain an `/etc/passwd` file ([14966](https://github.com/containers/podman/issues/14966)).
- Fixed a bug where the remote Podman client's `podman push` command did not display progress information ([14971](https://github.com/containers/podman/issues/14971)).
- Fixed a bug where a lock ordering issue could cause `podman pod rm` to deadlock if it was run at the same time as a command that attempted to lock multiple containers at once ([14929](https://github.com/containers/podman/issues/14929)).
- Fixed a bug where the `podman rm --force` command would exit with a non-0 code if the container in question did not exist ([14612](https://github.com/containers/podman/issues/14612)).
- Fixed a bug where the `podman container restore` command would fail when attempting to restore a checkpoint for a container with the same name as an image ([15055](https://github.com/containers/podman/issues/15055)).
- Fixed a bug where the `podman manifest push --rm` command could remove images instead of manifest lists ([15033](https://github.com/containers/podman/issues/15033)).
- Fixed a bug where the `podman run --rm` command could fail to remove the container if it failed to start ([15049](https://github.com/containers/podman/issues/15049)).
- Fixed a bug where the `podman generate systemd --new` command would create incorrect unit files when the container was created with the `--sdnotify` parameter ([15052](https://github.com/containers/podman/issues/15052)).
- Fixed a bug where the `podman generate systemd --new` command would fail when `-h <hostname>` was used to create the container ([15124](https://github.com/containers/podman/pull/15124)).

API
- The Docker-compatible API now supports API version v1.41 ([14204](https://github.com/containers/podman/issues/14204)).
- Fixed a bug where containers created via the Libpod API had an incorrect umask set ([15036](https://github.com/containers/podman/issues/15036)).
- Fixed a bug where the `remote` parameter to the Libpod API's Build endpoint for Images was nonfunctional ([13831](https://github.com/containers/podman/issues/13831)).
- Fixed a bug where the Libpod List endpoint for Containers did not return the `application/json` content type header when there were no containers present ([14647](https://github.com/containers/podman/issues/14647)).
- Fixed a bug where the Compat Stats endpoint for Containers could return incorrect memory limits ([14676](https://github.com/containers/podman/issues/14676)).
- Fixed a bug where the Compat List and Inspect endpoints for Containers could return incorrect strings for container status.
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle disabling healthchecks ([14493](https://github.com/containers/podman/issues/14493)).
- Fixed a bug where the Compat Create endpoint for Networks did not support the `mtu`, `name`, `mode`, and `parent` options ([14482](https://github.com/containers/podman/issues/14482)).
- Fixed a bug where the Compat Create endpoint for Networks did not allow the creation of networks named `bridge` ([14983](https://github.com/containers/podman/issues/14983)).
- Fixed a bug where the Compat Inspect endpoint for Networks did not properly set netmasks in the `SecondaryIPAddresses` and `SecondaryIPv6Addresses` fields ([14674](https://github.com/containers/podman/issues/14674)).
- The Libpod Stats endpoint for Pods now supports streaming output via two new parameters, `stream` and `delay` ([14674](https://github.com/containers/podman/issues/14674)).

Misc
- Podman will now check for nameservers in `/run/NetworkManager/no-stub-resolv.conf` if the `/etc/resolv.conf` file only contains a localhost server.
- The `podman build` command now supports caching with builds that specify `--squash-all` by allowing the `--layers` flag to be used at the same time.
- Podman Machine support for QEMU installations at non-default paths has been improved.
- The `podman machine ssh` command no longer prints spurious warnings every time it is run.
- When accessing the WSL prompt on Windows, the rootless user will be preferred.
- The `podman info` command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty.
- The `podman system prune` command no longer prints the `Deleted Images` header if no images were pruned.
- The `podman system service` command now automatically creates and moves to a sub-cgroup when running in the root cgroup ([14573](https://github.com/containers/podman/issues/14573)).
- Updated Buildah to v1.27.0
- Updated the containers/image library to v5.22.0
- Updated the containers/storage library to v1.42.0
- Updated the containers/common library to v0.49.1
- Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container ([14884](https://github.com/containers/podman/issues/14884)).
- Fixed an incorrect release note about regexp.
- A new macOS installer (via pkginstaller) is now supported.

4.2.0rc3

Features
- Podman now supports the GitLab Runner (using the Docker executor), allowing its use in GitLab CI/CD pipelines.
- A new command has been added, `podman pod clone`, to create a copy of an existing pod. It supports several options, including `--start` to start the new pod, `--destroy` to remove the original pod, and `--name` to change the name of the new pod ([12843](https://github.com/containers/podman/issues/12843)).
- A new command has been added, `podman volume reload`, to sync changes in state between Podman's database and any configured volume plugins ([14207](https://github.com/containers/podman/issues/14207)).
- A new command has been added, `podman machine info`, which displays information about the host and the versions of various machine components.
- Pods created by `podman play kube` can now be managed by systemd unit files. This can be done via a new systemd service, `podman-kube@.service` - e.g. `systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service` will run the Kubernetes pod or deployment contained in `my.yaml` under systemd.
- The `podman play kube` command now honors the `RunAsUser`, `RunAsGroup`, and `SupplementalGroups` settings from the Kubernetes pod's security context.
- The `podman play kube` command now supports volumes with the `BlockDevice` and `CharDevice` types ([13951](https://github.com/containers/podman/issues/13951)).
- The `podman play kube` command now features a new flag, `--userns`, to set the user namespace of created pods. Two values are allowed at present: `host` and `auto` ([7504](https://github.com/containers/podman/issues/7504)).
- The `podman play kube` command now supports setting the type of created init containers via the `io.podman.annotations.init.container.type` annotation.
- Pods now include an exit policy (configurable via the `--exit-policy` option to `podman pod create`), which determines what will happen to the pod's infra container when the entire pod stops. The default, `continue`, acts as Podman currently does, while a new option, `stop`, stops the infra container after the last container in the pod stops, and is used by default for pods from `podman play kube` ([13464](https://github.com/containers/podman/issues/13464)).
- The `podman pod create` command now allows the pod's name to be specified as an argument, instead of using the `--name` option - for example, `podman pod create mypod` instead of the prior `podman pod create --name mypod`. Please note that the `--name` option is not deprecated and will continue to work.
- The `podman pod create` command's `--share` option now supports adding namespaces to the set by prefacing them with `+` (as opposed to specifying all namespaces that should be shared) ([13422](https://github.com/containers/podman/issues/13422)).
- The `podman pod create` command has a new option, `--shm-size`, to specify the size of the `/dev/shm` mount that will be shared if the pod shares its UTS namespace ([14609](https://github.com/containers/podman/issues/14609)).
- The `podman pod create` command has a new option, `--uts`, to configure the UTS namespace that will be shared by containers in the pod.
- The `podman pod create` command now supports setting pod-level resource limits via the `--cpus`, `--cpuset-cpus`, and `--memory` options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
- The `podman create` and `podman run` commands now include the `-c` short option for the `--cpu-shares` option.
- The `podman create` and `podman run` commands can now create containers from a manifest list (and not an image) as long as the `--platform` option is specified ([14773](https://github.com/containers/podman/issues/14773)).
- The `podman build` command now supports a new option, `--cpp-flag`, to specify options for the C preprocessor when using `Containerfile.in` files that require preprocessing.
- The `podman build` command now supports a new option, `--build-context`, allowing the user to specify an additional build context.
- The `podman machine inspect` command now prints the location of the VM's Podman API socket on the host ([14231](https://github.com/containers/podman/issues/14231)).
- The `podman machine init` command on Windows now fetches an image with packages pre-installed ([14698](https://github.com/containers/podman/issues/14698)).
- Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change ([14697](https://github.com/containers/podman/issues/14697)).
- The default for the `--image-volume` option to `podman run` and `podman create` can now be set through the `image_volume_mode` setting in `containers.conf` ([14230](https://github.com/containers/podman/issues/14230)).
- Overlay volumes now support two new options, `workdir` and `upperdir`, to allow multiple overlay volumes from different containers to reuse the same `workdir` or `upperdir` ([14427](https://github.com/containers/podman/issues/14427)).
- The `podman volume create` command now supports two new options, `copy` and `nocopy`, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
- Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the `--opt o=timeout=` option to `podman volume create` ([BZ 2080458](https://bugzilla.redhat.com/show_bug.cgi?id=2080458)).
- The `podman volume ls` command's `--filter name=` option now supports regular expression matching for volume names ([14583](https://github.com/containers/podman/issues/14583)).
- When used with a `podman machine` VM, volumes now support specification of the 9p security model using the `security_model` option to `podman create -v` and `podman run -v`.
- The remote Podman client's `podman push` command now supports the `--remove-signatures` option ([14558](https://github.com/containers/podman/issues/14558)).
- The remote Podman client now supports the `podman image scp` command.
- The `podman image scp` command now supports tagging the transferred image with a new name.
- The `podman network ls` command supports a new filter, `--filter dangling=`, to list networks not presently used by any containers ([14595](https://github.com/containers/podman/issues/14595)).
- The `--condition` option to `podman wait` can now be specified multiple times to wait on any one of multiple conditions.
- The `podman events` command now includes the `-f` short option for the `--filter` option.
- The `podman pull` command now includes the `-a` short option for the `--all-tags` option.
- The `podman stop` command now includes a new flag, `--filter`, to filter which containers will be stopped (e.g. `podman stop --all --filter label=COM.MY.APP`).
- The Podman global option `--url` now has two aliases: `-H` and `--host`.
- The `podman network create` command now supports a new option with the default `bridge` driver, `--opt isolate=`, which isolates the network by blocking any traffic from it to any other network with the `isolate` option enabled. This option is enabled by default for networks created using the Docker-compatible API.
- Added the ability to create sigstore signatures in `podman push` and `podman manifest push`.
- Added an option to read image signing passphrase from a file.

Changes
- Paused containers can now be killed with the `podman kill` command.
- The `podman system prune` command now removes unused networks.
- The `--userns=keep-id` and `--userns=nomap` options to the `podman run` and `podman create` commands are no longer allowed (instead of simply being ignored) with root Podman.
- If the `/run` directory for a container is part of a volume, Podman will not create the `/run/.containerenv` file ([14577](https://github.com/containers/podman/issues/14577)).
- The `podman machine stop` command on macOS now waits for the machine to be completely stopped to exit ([14148](https://github.com/containers/podman/issues/14148)).
- All `podman machine` commands now only support being run as rootless, given that VMs only functioned when run rootless.
- The `podman unpause --all` command will now only attempt to unpause containers that are paused, not all containers.
- Init containers created with `podman play kube` now default to the `once` type ([14877](https://github.com/containers/podman/issues/14877)).
- Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested ([15048](https://github.com/containers/podman/issues/15048)).
- The `podman create`, `podman run`, and `podman cp` commands can now autocomplete paths in the image or container via the shell completion.
- The `libpod/common` package has been removed as it's not used anywhere.

Bugfixes
- Fixed a bug where bind-mounting `/dev` into a container which used the `--init` flag would cause the container to fail to start ([14251](https://github.com/containers/podman/issues/14251)).
- Fixed a bug where the `podman image mount` command would not pretty-print its output when multiple images were mounted.
- Fixed a bug where the `podman volume import` command would print an unrelated error when attempting to import into a nonexistent volume ([14411](https://github.com/containers/podman/issues/14411)).
- Fixed a bug where the `podman system reset` command could race against other Podman commands ([9075](https://github.com/containers/podman/issues/9075)).
- Fixed a bug where privileged containers were not able to restart if the layout of host devices changed ([13899](https://github.com/containers/podman/issues/13899)).
- Fixed a bug where the `podman cp` command would overwrite directories with non-directories and vice versa. A new `--overwrite` flag to `podman cp` allows for retaining the old behavior if needed ([14420](https://github.com/containers/podman/issues/14420)).
- Fixed a bug where the `podman machine ssh` command would not preserve the exit code from the command run via ssh ([14401](https://github.com/containers/podman/issues/14401)).
- Fixed a bug where VMs created by `podman machine` would fail to start when created with more than 3072MB of RAM on Macs with M1 CPUs ([14303](https://github.com/containers/podman/issues/14303)).
- Fixed a bug where the `podman machine init` command would fail when run from `C:\Windows\System32` on Windows systems ([14416](https://github.com/containers/podman/issues/14416)).
- Fixed a bug where the `podman machine init --now` command did not respect proxy environment variables ([14640](https://github.com/containers/podman/issues/14640)).
- Fixed a bug where the `podman machine init` command would fail if there is no `$HOME/.ssh` dir ([14572](https://github.com/containers/podman/issues/14572)).
- Fixed a bug where interrupting the `podman machine start` command could render the VM unable to start.
- Fixed a bug where the `podman machine list --format` command would still print a heading.
- Fixed a bug where the `podman machine list` command did not properly set the `Starting` field ([14738](https://github.com/containers/podman/issues/14738)).
- Fixed a bug where the `podman machine start` command could fail to start QEMU VMs when the machine name started with a number.
- Fixed a bug where Podman Machine VMs with proxy variables could not be started more than once ([14636](https://github.com/containers/podman/issues/14636) and [#14837](https://github.com/containers/podman/issues/14837)).
- Fixed a bug where containers created using the Podman API would, when the Podman API service was managed by systemd, be killed when the API service was stopped ([BZ 2052697](https://bugzilla.redhat.com/show_bug.cgi?id=2052697)).
- Fixed a bug where the `podman -h` command did not show help output.
- Fixed a bug where the `podman wait` command (and the associated REST API endpoint) could return before a container had fully exited, breaking some tools like the GitLab Runner.
- Fixed a bug where healthchecks generated `exec` events, instead of `health_status` events ([13493](https://github.com/containers/podman/issues/13493)).
- Fixed a bug where the `podman pod ps` command could return an error when run at the same time as `podman pod rm` ([14736](https://github.com/containers/podman/issues/14736)).
- Fixed a bug where the `podman system df` command incorrectly calculated reclaimable storage for volumes ([13516](https://github.com/containers/podman/issues/13516)).
- Fixed a bug where an exported container checkpoint using a non-default OCI runtime could not be restored.
- Fixed a bug where Podman, when used with a recent runc version, could not remove paused containers.
- Fixed a bug where the remote Podman client's `podman manifest rm` command would remove images, not manifests ([14763](https://github.com/containers/podman/issues/14763)).
- Fixed a bug where Podman did not correctly parse wildcards for device major number in the `podman run` and `podman create` commands' `--device-cgroup-rule` option.
- Fixed a bug where the `podman play kube` command calculated the total memory incorrectly on 32-bit systems ([14819](https://github.com/containers/podman/issues/14819)).
- Fixed a bug where the `podman generate kube` command could set ports and hostname incorrectly in generated YAML ([13030](https://github.com/containers/podman/issues/13030)).
- Fixed a bug where the `podman system df --format "{{ json . }}"` command would not output the `Size` and `Reclaimable` fields ([14769](https://github.com/containers/podman/issues/14769)).
- Fixed a bug where the remote Podman client's `podman pull` command would display duplicate progress output.
- Fixed a bug where the `podman system service` command could leak memory when a client unexpectedly closed a connection when reading events or logs ([14879](https://github.com/containers/podman/issues/14879)).
- Fixed a bug where Podman containers could fail to run if the image did not contain an `/etc/passwd` file ([14966](https://github.com/containers/podman/issues/14966)).
- Fixed a bug where the remote Podman client's `podman push` command did not display progress information ([14971](https://github.com/containers/podman/issues/14971)).
- Fixed a bug where a lock ordering issue could cause `podman pod rm` to deadlock if it was run at the same time as a command that attempted to lock multiple containers at once ([14929](https://github.com/containers/podman/issues/14929)).

API
- The Docker-compatible API now supports API version v1.41 ([14204](https://github.com/containers/podman/issues/14204)).
- Fixed a bug where containers created via the Libpod API had an incorrect umask set ([15036](https://github.com/containers/podman/issues/15036)).
- Fixed a bug where the `remote` parameter to the Libpod API's Build endpoint for Images was nonfunctional ([13831](https://github.com/containers/podman/issues/13831)).
- Fixed a bug where the Libpod List endpoint for Containers did not return the `application/json` content type header when there were no containers present ([14647](https://github.com/containers/podman/issues/14647)).
- Fixed a bug where the Compat Stats endpoint for Containers could return incorrect memory limits ([14676](https://github.com/containers/podman/issues/14676)).
- Fixed a bug where the Compat List and Inspect endpoints for Containers could return incorrect strings for container status.
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle disabling healthchecks ([14493](https://github.com/containers/podman/issues/14493)).
- Fixed a bug where the Compat Create endpoint for Networks did not support the `mtu`, `name`, `mode`, and `parent` options ([14482](https://github.com/containers/podman/issues/14482)).
- Fixed a bug where the Compat Create endpoint for Networks did not allow the creation of networks named `bridge` ([14983](https://github.com/containers/podman/issues/14983)).
- Fixed a bug where the Compat Inspect endpoint for Networks did not properly set netmasks in the `SecondaryIPAddresses` and `SecondaryIPv6Addresses` fields ([14674](https://github.com/containers/podman/issues/14674)).
- The Libpod Stats endpoint for Pods now supports streaming output via two new parameters, `stream` and `delay` ([14674](https://github.com/containers/podman/issues/14674)).

Misc
- Podman will now check for nameservers in `/run/NetworkManager/no-stub-resolv.conf` if the `/etc/resolv.conf` file only contains a localhost server.
- The `podman build` command now supports caching with builds that specify `--squash-all` by allowing the `--layers` flag to be used at the same time.
- Podman Machine support for QEMU installations at non-default paths has been improved.
- The `podman machine ssh` command no longer prints spurious warnings every time it is run.
- The `podman info` command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty.
- The `podman system prune` command no longer prints the `Deleted Images` header if no images were pruned.
- The `podman system service` command now automatically creates and moves to a sub-cgroup when running in the root cgroup ([14573](https://github.com/containers/podman/issues/14573)).
- Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container ([14884](https://github.com/containers/podman/issues/14884)).
- Fixed an incorrect release note about regexp.
- macOS pkginstaller support is now included.
