Podman

Latest version: v5.4.0.1

4.2.0

Not secure
- Added support for devices in container creation
- Implemented the login endpoint
- Added relabel option for mounts and other mount option support
- Implemented exec_run
- Bug Fixes

Thanks to all for the contributions!

4.2.0rc3

Features
- Podman now supports the GitLab Runner (using the Docker executor), allowing its use in GitLab CI/CD pipelines.
- A new command has been added, `podman pod clone`, to create a copy of an existing pod. It supports several options, including `--start` to start the new pod, `--destroy` to remove the original pod, and `--name` to change the name of the new pod ([12843](https://github.com/containers/podman/issues/12843)).
- A new command has been added, `podman volume reload`, to sync changes in state between Podman's database and any configured volume plugins ([14207](https://github.com/containers/podman/issues/14207)).
- A new command has been added, `podman machine info`, which displays information about the host and the versions of various machine components.
- Pods created by `podman play kube` can now be managed by systemd unit files. This can be done via a new systemd service, `podman-kube@.service` - e.g. `systemctl --user start podman-kube@$(systemd-escape my.yaml).service` will run the Kubernetes pod or deployment contained in `my.yaml` under systemd.
- The `podman play kube` command now honors the `RunAsUser`, `RunAsGroup`, and `SupplementalGroups` setting from the Kubernetes pod's security context.
- The `podman play kube` command now supports volumes with the `BlockDevice` and `CharDevice` types ([13951](https://github.com/containers/podman/issues/13951)).
- The `podman play kube` command now features a new flag, `--userns`, to set the user namespace of created pods. Two values are allowed at present: `host` and `auto` ([7504](https://github.com/containers/podman/issues/7504)).
- The `podman play kube` command now supports setting the type of created init containers via the `io.podman.annotations.init.container.type` annotation.
- Pods now include an exit policy (configurable via the `--exit-policy` option to `podman pod create`), which determines what will happen to the pod's infra container when the entire pod stops. The default, `continue`, acts as Podman currently does, while a new option, `stop`, stops the infra container after the last container in the pod stops, and is used by default for pods from `podman play kube` ([13464](https://github.com/containers/podman/issues/13464)).
- The `podman pod create` command now allows the pod's name to be specified as an argument, instead of using the `--name` option - for example, `podman pod create mypod` instead of the prior `podman pod create --name mypod`. Please note that the `--name` option is not deprecated and will continue to work.
- The `podman pod create` command's `--share` option now supports adding namespaces to the set by prefacing them with `+` (as opposed to specifying all namespaces that should be shared) ([13422](https://github.com/containers/podman/issues/13422)).
- The `podman pod create` command has a new option, `--shm-size`, to specify the size of the `/dev/shm` mount that will be shared if the pod shares its UTS namespace ([14609](https://github.com/containers/podman/issues/14609)).
- The `podman pod create` command has a new option, `--uts`, to configure the UTS namespace that will be shared by containers in the pod.
- The `podman pod create` command now supports setting pod-level resource limits via the `--cpus`, `--cpuset-cpus`, and `--memory` options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
- The `podman create` and `podman run` commands now include the `-c` short option for the `--cpu-shares` option.
- The `podman create` and `podman run` commands can now create containers from a manifest list (and not an image) as long as the `--platform` option is specified ([14773](https://github.com/containers/podman/issues/14773)).
- The `podman build` command now supports a new option, `--cpp-flag`, to specify options for the C preprocessor when using `Containerfile.in` files that require preprocessing.
- The `podman build` command now supports a new option, `--build-context`, allowing the user to specify an additional build context.
- The `podman machine inspect` command now prints the location of the VM's Podman API socket on the host ([14231](https://github.com/containers/podman/issues/14231)).
- The `podman machine init` command on Windows now fetches an image with packages pre-installed ([14698](https://github.com/containers/podman/issues/14698)).
- Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change ([14697](https://github.com/containers/podman/issues/14697)).
- The default for the `--image-volume` option to `podman run` and `podman create` can now be set through the `image_volume_mode` setting in `containers.conf` ([14230](https://github.com/containers/podman/issues/14230)).
- Overlay volumes now support two new options, `workdir` and `upperdir`, to allow multiple overlay volumes from different containers to reuse the same `workdir` or `upperdir` ([14427](https://github.com/containers/podman/issues/14427)).
- The `podman volume create` command now supports two new options, `copy` and `nocopy`, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
- Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the `--opt o=timeout=` option to `podman volume create` ([BZ 2080458](https://bugzilla.redhat.com/show_bug.cgi?id=2080458)).
- The `podman volume ls` command's `--filter name=` option now supports regular expression matching for volume names ([14583](https://github.com/containers/podman/issues/14583)).
- When used with a `podman machine` VM, volumes now support specification of the 9p security model using the `security_model` option to `podman create -v` and `podman run -v`.
- The remote Podman client's `podman push` command now supports the `--remove-signatures` option ([14558](https://github.com/containers/podman/issues/14558)).
- The remote Podman client now supports the `podman image scp` command.
- The `podman image scp` command now supports tagging the transferred image with a new name.
- The `podman network ls` command supports a new filter, `--filter dangling=`, to list networks not presently used by any containers ([14595](https://github.com/containers/podman/issues/14595)).
- The `--condition` option to `podman wait` can now be specified multiple times to wait on any one of multiple conditions.
- The `podman events` command now includes the `-f` short option for the `--filter` option.
- The `podman pull` command now includes the `-a` short option for the `--all-tags` option.
- The `podman stop` command now includes a new flag, `--filter`, to filter which containers will be stopped (e.g. `podman stop --all --filter label=COM.MY.APP`).
- The Podman global option `--url` now has two aliases: `-H` and `--host`.
- The `podman network create` command now supports a new option with the default `bridge` driver, `--opt isolate=`, which isolates the network by blocking any traffic from it to any other network with the `isolate` option enabled. This option is enabled by default for networks created using the Docker-compatible API.
- Added the ability to create sigstore signatures in `podman push` and `podman manifest push`.
- Added an option to read image signing passphrase from a file.

Changes
- Paused containers can now be killed with the `podman kill` command.
- The `podman system prune` command now removes unused networks.
- The `--userns=keep-id` and `--userns=nomap` options to the `podman run` and `podman create` commands are no longer allowed (instead of simply being ignored) with root Podman.
- If the `/run` directory for a container is part of a volume, Podman will not create the `/run/.containerenv` file ([14577](https://github.com/containers/podman/issues/14577)).
- The `podman machine stop` command on macOS now waits for the machine to be completely stopped to exit ([14148](https://github.com/containers/podman/issues/14148)).
- All `podman machine` commands now only support being run as rootless, given that VMs only functioned when run rootless.
- The `podman unpause --all` command will now only attempt to unpause containers that are paused, not all containers.
- Init containers created with `podman play kube` now default to the `once` type ([14877](https://github.com/containers/podman/issues/14877)).
- Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested ([15048](https://github.com/containers/podman/issues/15048)).
- The `podman create`, `podman run`, and `podman cp` commands can now autocomplete paths in the image or container via the shell completion.
- The `libpod/common` package has been removed as it's not used anywhere.

Bugfixes
- Fixed a bug where bind-mounting `/dev` into a container which used the `--init` flag would cause the container to fail to start ([14251](https://github.com/containers/podman/issues/14251)).
- Fixed a bug where the `podman image mount` command would not pretty-print its output when multiple images were mounted.
- Fixed a bug where the `podman volume import` command would print an unrelated error when attempting to import into a nonexistent volume ([14411](https://github.com/containers/podman/issues/14411)).
- Fixed a bug where the `podman system reset` command could race against other Podman commands ([9075](https://github.com/containers/podman/issues/9075)).
- Fixed a bug where privileged containers were not able to restart if the layout of host devices changed ([13899](https://github.com/containers/podman/issues/13899)).
- Fixed a bug where the `podman cp` command would overwrite directories with non-directories and vice versa. A new `--overwrite` flag to `podman cp` allows for retaining the old behavior if needed ([14420](https://github.com/containers/podman/issues/14420)).
- Fixed a bug where the `podman machine ssh` command would not preserve the exit code from the command run via ssh ([14401](https://github.com/containers/podman/issues/14401)).
- Fixed a bug where VMs created by `podman machine` would fail to start when created with more than 3072MB of RAM on Macs with M1 CPUs ([14303](https://github.com/containers/podman/issues/14303)).
- Fixed a bug where the `podman machine init` command would fail when run from `C:\Windows\System32` on Windows systems ([14416](https://github.com/containers/podman/issues/14416)).
- Fixed a bug where the `podman machine init --now` did not respect proxy environment variables ([14640](https://github.com/containers/podman/issues/14640)).
- Fixed a bug where the `podman machine init` command would fail if there is no `$HOME/.ssh` dir ([14572](https://github.com/containers/podman/issues/14572)).
- Fixed a bug where interrupting the `podman machine start` command could render the VM unable to start.
- Fixed a bug where the `podman machine list --format` command would still print a heading.
- Fixed a bug where the `podman machine list` command did not properly set the `Starting` field ([14738](https://github.com/containers/podman/issues/14738)).
- Fixed a bug where the `podman machine start` command could fail to start QEMU VMs when the machine name started with a number.
- Fixed a bug where Podman Machine VMs with proxy variables could not be started more than once ([14636](https://github.com/containers/podman/issues/14636) and [14837](https://github.com/containers/podman/issues/14837)).
- Fixed a bug where containers created using the Podman API would, when the Podman API service was managed by systemd, be killed when the API service was stopped ([BZ 2052697](https://bugzilla.redhat.com/show_bug.cgi?id=2052697)).
- Fixed a bug where the `podman -h` command did not show help output.
- Fixed a bug where the `podman wait` command (and the associated REST API endpoint) could return before a container had fully exited, breaking some tools like the GitLab Runner.
- Fixed a bug where healthchecks generated `exec` events, instead of `health_status` events ([13493](https://github.com/containers/podman/issues/13493)).
- Fixed a bug where the `podman pod ps` command could return an error when run at the same time as `podman pod rm` ([14736](https://github.com/containers/podman/issues/14736)).
- Fixed a bug where the `podman system df` command incorrectly calculated reclaimable storage for volumes ([13516](https://github.com/containers/podman/issues/13516)).
- Fixed a bug where an exported container checkpoint using a non-default OCI runtime could not be restored.
- Fixed a bug where Podman, when used with a recent runc version, could not remove paused containers.
- Fixed a bug where the remote Podman client's `podman manifest rm` command would remove images, not manifests ([14763](https://github.com/containers/podman/issues/14763)).
- Fixed a bug where Podman did not correctly parse wildcards for device major number in the `podman run` and `podman create` commands' `--device-cgroup-rule` option.
- Fixed a bug in the `podman play kube` command on 32-bit systems where the total memory was calculated incorrectly ([14819](https://github.com/containers/podman/issues/14819)).
- Fixed a bug where the `podman generate kube` command could set ports and hostname incorrectly in generated YAML ([13030](https://github.com/containers/podman/issues/13030)).
- Fixed a bug where the `podman system df --format "{{ json . }}"` command would not output the `Size` and `Reclaimable` fields ([14769](https://github.com/containers/podman/issues/14769)).
- Fixed a bug where the remote Podman client's `podman pull` command would display duplicate progress output.
- Fixed a bug where the `podman system service` command could leak memory when a client unexpectedly closed a connection when reading events or logs ([14879](https://github.com/containers/podman/issues/14879)).
- Fixed a bug where Podman containers could fail to run if the image did not contain an `/etc/passwd` file ([14966](https://github.com/containers/podman/issues/14966)).
- Fixed a bug where the remote Podman client's `podman push` command did not display progress information ([14971](https://github.com/containers/podman/issues/14971)).
- Fixed a bug where a lock ordering issue could cause `podman pod rm` to deadlock if it was run at the same time as a command that attempted to lock multiple containers at once ([14929](https://github.com/containers/podman/issues/14929)).

API
- The Docker-compatible API now supports API version v1.41 ([14204](https://github.com/containers/podman/issues/14204)).
- Fixed a bug where containers created via the Libpod API had an incorrect umask set ([15036](https://github.com/containers/podman/issues/15036)).
- Fixed a bug where the `remote` parameter to the Libpod API's Build endpoint for Images was nonfunctional ([13831](https://github.com/containers/podman/issues/13831)).
- Fixed a bug where the Libpod List endpoint for Containers did not return the `application/json` content type header when there were no containers present ([14647](https://github.com/containers/podman/issues/14647)).
- Fixed a bug where the Compat Stats endpoint for Containers could return incorrect memory limits ([14676](https://github.com/containers/podman/issues/14676)).
- Fixed a bug where the Compat List and Inspect endpoints for Containers could return incorrect strings for container status.
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle disabling healthchecks ([14493](https://github.com/containers/podman/issues/14493)).
- Fixed a bug where the Compat Create endpoint for Networks did not support the `mtu`, `name`, `mode`, and `parent` options ([14482](https://github.com/containers/podman/issues/14482)).
- Fixed a bug where the Compat Create endpoint for Networks did not allow the creation of networks named `bridge` ([14983](https://github.com/containers/podman/issues/14983)).
- Fixed a bug where the Compat Inspect endpoint for Networks did not properly set netmasks in the `SecondaryIPAddresses` and `SecondaryIPv6Addresses` fields ([14674](https://github.com/containers/podman/issues/14674)).
- The Libpod Stats endpoint for Pods now supports streaming output via two new parameters, `stream` and `delay` ([14674](https://github.com/containers/podman/issues/14674)).

Misc
- Podman will now check for nameservers in `/run/NetworkManager/no-stub-resolv.conf` if the `/etc/resolv.conf` file only contains a localhost server.
- The `podman build` command now supports caching with builds that specify `--squash-all` by allowing the `--layers` flag to be used at the same time.
- Podman Machine support for QEMU installations at non-default paths has been improved.
- The `podman machine ssh` command no longer prints spurious warnings every time it is run.
- The `podman info` command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty.
- The `podman system prune` command no longer prints the `Deleted Images` header if no images were pruned.
- The `podman system service` command now automatically creates and moves to a sub-cgroup when running in the root cgroup ([14573](https://github.com/containers/podman/issues/14573)).
- Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container ([14884](https://github.com/containers/podman/issues/14884)).
- Fixed an incorrect release note about regexp.
- macOS pkginstaller support is now included.

4.2.0rc2

This is the second release candidate for Podman v4.2.0. We expect a further RC next week, and a final release a week later. Preliminary release notes are attached.

Features
- Podman now supports the GitLab Runner (using the Docker executor), allowing its use in GitLab CI/CD pipelines.
- A new command has been added, `podman pod clone`, to create a copy of an existing pod. It supports several options, including `--start` to start the new pod, `--destroy` to remove the original pod, and `--name` to change the name of the new pod ([12843](https://github.com/containers/podman/issues/12843)).
- A new command has been added, `podman volume reload`, to sync changes in state between Podman's database and any configured volume plugins ([14207](https://github.com/containers/podman/issues/14207)).
- A new command has been added, `podman machine info`, which displays information about the host and the versions of various machine components.
- Pods created by `podman play kube` can now be managed by systemd unit files. This can be done via a new systemd service, `podman-kube@.service` - e.g. `systemctl --user start podman-kube@$(systemd-escape my.yaml).service` will run the Kubernetes pod or deployment contained in `my.yaml` under systemd.
- The `podman play kube` command now honors the `RunAsUser`, `RunAsGroup`, and `SupplementalGroups` setting from the Kubernetes pod's security context.
- The `podman play kube` command now supports volumes with the `BlockDevice` and `CharDevice` types ([13951](https://github.com/containers/podman/issues/13951)).
- The `podman play kube` command now features a new flag, `--userns`, to set the user namespace of created pods. Two values are allowed at present: `host` and `auto` ([7504](https://github.com/containers/podman/issues/7504)).
- The `podman play kube` command now supports setting the type of created init containers via the `io.podman.annotations.init.container.type` annotation.
- Pods now include an exit policy (configurable via the `--exit-policy` option to `podman pod create`), which determines what will happen to the pod's infra container when the entire pod stops. The default, `continue`, acts as Podman currently does, while a new option, `stop`, stops the infra container after the last container in the pod stops, and is used by default for pods from `podman play kube` ([13464](https://github.com/containers/podman/issues/13464)).
- The `podman pod create` command now allows the pod's name to be specified as an argument, instead of using the `--name` option - for example, `podman pod create mypod` instead of the prior `podman pod create --name mypod`. Please note that the `--name` option is not deprecated and will continue to work.
- The `podman pod create` command's `--share` option now supports adding namespaces to the set by prefacing them with `+` (as opposed to specifying all namespaces that should be shared) ([13422](https://github.com/containers/podman/issues/13422)).
- The `podman pod create` command has a new option, `--shm-size`, to specify the size of the `/dev/shm` mount that will be shared if the pod shares its UTS namespace ([14609](https://github.com/containers/podman/issues/14609)).
- The `podman pod create` command has a new option, `--uts`, to configure the UTS namespace that will be shared by containers in the pod.
- The `podman pod create` command now supports setting pod-level resource limits via the `--cpus`, `--cpuset-cpus`, and `--memory` options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
- The `podman create` and `podman run` commands now include the `-c` short option for the `--cpu-shares` option.
- The `podman create` and `podman run` commands can now create containers from a manifest list (and not an image) as long as the `--platform` option is specified ([14773](https://github.com/containers/podman/issues/14773)).
- The `podman build` command now supports a new option, `--cpp-flag`, to specify options for the C preprocessor when using `Containerfile.in` files that require preprocessing.
- The `podman build` command now supports a new option, `--build-context`, allowing the user to specify an additional build context.
- The `podman machine inspect` command now prints the location of the VM's Podman API socket on the host ([14231](https://github.com/containers/podman/issues/14231)).
- The `podman machine init` command on Windows now fetches an image with packages pre-installed ([14698](https://github.com/containers/podman/issues/14698)).
- Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change ([14697](https://github.com/containers/podman/issues/14697)).
- The default for the `--image-volume` option to `podman run` and `podman create` can now be set through the `image_volume_mode` setting in `containers.conf` ([14230](https://github.com/containers/podman/issues/14230)).
- Overlay volumes now support two new options, `workdir` and `upperdir`, to allow multiple overlay volumes from different containers to reuse the same `workdir` or `upperdir` ([14427](https://github.com/containers/podman/issues/14427)).
- The `podman volume create` command now supports two new options, `copy` and `nocopy`, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
- Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the `--opt o=timeout=` option to `podman volume create` ([BZ 2080458](https://bugzilla.redhat.com/show_bug.cgi?id=2080458)).
- The `podman volume ls` command's `--filter name=` option now supports regular expression matching for volume names ([14583](https://github.com/containers/podman/issues/14583)).
- When used with a `podman machine` VM, volumes now support specification of the 9p security model using the `security_model` option to `podman create -v` and `podman run -v`.
- The remote Podman client's `podman push` command now supports the `--remove-signatures` option ([14558](https://github.com/containers/podman/issues/14558)).
- The remote Podman client now supports the `podman image scp` command.
- The `podman image scp` command now supports tagging the transferred image with a new name.
- The `podman network ls` command supports a new filter, `--filter dangling=`, to list networks not presently used by any containers ([14595](https://github.com/containers/podman/issues/14595)).
- The `--condition` option to `podman wait` can now be specified multiple times to wait on any one of multiple conditions.
- The `podman events` command now includes the `-f` short option for the `--filter` option.
- The `podman pull` command now includes the `-a` short option for the `--all-tags` option.
- The `podman stop` command now includes a new flag, `--filter`, to filter which containers will be stopped (e.g. `podman stop --all --filter label=COM.MY.APP`).
- The Podman global option `--url` now has two aliases: `-H` and `--host`.
- The `podman network create` command now supports a new option with the default `bridge` driver, `--opt isolate=`, which isolates the network by blocking any traffic from it to any other network with the `isolate` option enabled. This option is enabled by default for networks created using the Docker-compatible API.

Changes
- Paused containers can now be killed with the `podman kill` command.
- The `podman system prune` command now removes unused networks.
- The `--userns=keep-id` and `--userns=nomap` options to the `podman run` and `podman create` commands are no longer allowed (instead of simply being ignored) with root Podman.
- If the `/run` directory for a container is part of a volume, Podman will not create the `/run/.containerenv` file ([14577](https://github.com/containers/podman/issues/14577)).
- The `podman machine stop` command on macOS now waits for the machine to be completely stopped to exit ([14148](https://github.com/containers/podman/issues/14148)).
- All `podman machine` commands now only support being run as rootless, given that VMs only functioned when run rootless.
- The `podman unpause --all` command will now only attempt to unpause containers that are paused, not all containers.
- Init containers created with `podman play kube` now default to the `once` type ([14877](https://github.com/containers/podman/issues/14877)).
- Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested ([15048](https://github.com/containers/podman/issues/15048)).
- The `podman create`, `podman run`, and `podman cp` commands can now autocomplete paths in the image or container via the shell completion.

Bugfixes
- Fixed a bug where bind-mounting `/dev` into a container which used the `--init` flag would cause the container to fail to start ([14251](https://github.com/containers/podman/issues/14251)).
- Fixed a bug where the `podman image mount` command would not pretty-print its output when multiple images were mounted.
- Fixed a bug where the `podman volume import` command would print an unrelated error when attempting to import into a nonexistent volume ([14411](https://github.com/containers/podman/issues/14411)).
- Fixed a bug where the `podman system reset` command could race against other Podman commands ([9075](https://github.com/containers/podman/issues/9075)).
- Fixed a bug where privileged containers were not able to restart if the layout of host devices changed ([13899](https://github.com/containers/podman/issues/13899)).
- Fixed a bug where the `podman cp` command would overwrite directories with non-directories and vice versa. A new `--overwrite` flag to `podman cp` allows for retaining the old behavior if needed ([14420](https://github.com/containers/podman/issues/14420)).
- Fixed a bug where the `podman machine ssh` command would not preserve the exit code from the command run via ssh ([14401](https://github.com/containers/podman/issues/14401)).
- Fixed a bug where VMs created by `podman machine` would fail to start when created with more than 3072MB of RAM on Macs with M1 CPUs ([14303](https://github.com/containers/podman/issues/14303)).
- Fixed a bug where the `podman machine init` command would fail when run from `C:\Windows\System32` on Windows systems ([14416](https://github.com/containers/podman/issues/14416)).
- Fixed a bug where the `podman machine init --now` did not respect proxy environment variables ([14640](https://github.com/containers/podman/issues/14640)).
- Fixed a bug where the `podman machine init` command would fail if there is no `$HOME/.ssh` dir ([14572](https://github.com/containers/podman/issues/14572)).
- Fixed a bug where interrupting the `podman machine start` command could render the VM unable to start.
- Fixed a bug where the `podman machine list --format` command would still print a heading.
- Fixed a bug where the `podman machine list` command did not properly set the `Starting` field ([14738](https://github.com/containers/podman/issues/14738)).
- Fixed a bug where the `podman machine start` command could fail to start QEMU VMs when the machine name started with a number.
- Fixed a bug where Podman Machine VMs with proxy variables could not be started more than once ([14636](https://github.com/containers/podman/issues/14636) and [14837](https://github.com/containers/podman/issues/14837)).
- Fixed a bug where containers created using the Podman API would, when the Podman API service was managed by systemd, be killed when the API service was stopped ([BZ 2052697](https://bugzilla.redhat.com/show_bug.cgi?id=2052697)).
- Fixed a bug where the `podman -h` command did not show help output.
- Fixed a bug where the `podman wait` command (and the associated REST API endpoint) could return before a container had fully exited, breaking some tools like the GitLab Runner.
- Fixed a bug where healthchecks generated `exec` events, instead of `health_status` events ([13493](https://github.com/containers/podman/issues/13493)).
- Fixed a bug where the `podman pod ps` command could return an error when run at the same time as `podman pod rm` ([14736](https://github.com/containers/podman/issues/14736)).
- Fixed a bug where the `podman system df` command incorrectly calculated reclaimable storage for volumes ([13516](https://github.com/containers/podman/issues/13516)).
- Fixed a bug where an exported container checkpoint using a non-default OCI runtime could not be restored.
- Fixed a bug where Podman, when used with a recent runc version, could not remove paused containers.
- Fixed a bug where the remote Podman client's `podman manifest rm` command would remove images, not manifests ([14763](https://github.com/containers/podman/issues/14763)).
- Fixed a bug where Podman did not correctly parse wildcards for device major number in the `podman run` and `podman create` commands' `--device-cgroup-rule` option.
- Fixed a bug in the `podman play kube` command on 32-bit systems where the total memory was calculated incorrectly ([14819](https://github.com/containers/podman/issues/14819)).
- Fixed a bug where the `podman generate kube` command could set ports and hostname incorrectly in generated YAML ([13030](https://github.com/containers/podman/issues/13030)).
- Fixed a bug where the `podman system df --format "{{ json . }}"` command would not output the `Size` and `Reclaimable` fields ([14769](https://github.com/containers/podman/issues/14769)).
- Fixed a bug where the remote Podman client's `podman pull` command would display duplicate progress output.
- Fixed a bug where the `podman system service` command could leak memory when a client unexpectedly closed a connection when reading events or logs ([14879](https://github.com/containers/podman/issues/14879)).
- Fixed a bug where Podman containers could fail to run if the image did not contain an `/etc/passwd` file ([14966](https://github.com/containers/podman/issues/14966)).
- Fixed a bug where the remote Podman client's `podman push` command did not display progress information ([14971](https://github.com/containers/podman/issues/14971)).
- Fixed a bug where a lock ordering issue could cause `podman pod rm` to deadlock if it was run at the same time as a command that attempted to lock multiple containers at once ([14929](https://github.com/containers/podman/issues/14929)).

API
- The Docker-compatible API now supports API version v1.41 ([14204](https://github.com/containers/podman/issues/14204)).
- Fixed a bug where containers created via the Libpod API had an incorrect umask set ([15036](https://github.com/containers/podman/issues/15036)).
- Fixed a bug where the `remote` parameter to the Libpod API's Build endpoint for Images was nonfunctional ([13831](https://github.com/containers/podman/issues/13831)).
- Fixed a bug where the Libpod List endpoint for Containers did not return the `application/json` content type header when there were no containers present ([14647](https://github.com/containers/podman/issues/14647)).
- Fixed a bug where the Compat Stats endpoint for Containers could return incorrect memory limits ([14676](https://github.com/containers/podman/issues/14676)).
- Fixed a bug where the Compat List and Inspect endpoints for Containers could return incorrect strings for container status.
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle disabling healthchecks ([14493](https://github.com/containers/podman/issues/14493)).
- Fixed a bug where the Compat Create endpoint for Networks did not support the `mtu`, `name`, `mode`, and `parent` options ([14482](https://github.com/containers/podman/issues/14482)).
- Fixed a bug where the Compat Create endpoint for Networks did not allow the creation of networks named `bridge` ([14983](https://github.com/containers/podman/issues/14983)).
- Fixed a bug where the Compat Inspect endpoint for Networks did not properly set netmasks in the `SecondaryIPAddresses` and `SecondaryIPv6Addresses` fields ([14674](https://github.com/containers/podman/issues/14674)).
- The Libpod Stats endpoint for Pods now supports streaming output via two new parameters, `stream` and `delay` ([14674](https://github.com/containers/podman/issues/14674)).

Misc
- Podman will now check for nameservers in `/run/NetworkManager/no-stub-resolv.conf` if the `/etc/resolv.conf` file only contains a localhost server.
- The `podman build` command now supports caching with builds that specify `--squash-all` by allowing the `--layers` flag to be used at the same time.
- Podman Machine support for QEMU installations at non-default paths has been improved.
- The `podman machine ssh` command no longer prints spurious warnings every time it is run.
- The `podman info` command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty.
- The `podman system prune` command no longer prints the `Deleted Images` header if no images were pruned.
- The `podman system service` command now automatically creates and moves to a sub-cgroup when running in the root cgroup ([14573](https://github.com/containers/podman/issues/14573)).
- Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container ([14884](https://github.com/containers/podman/issues/14884)).

4.2.0rc1

This is the first release candidate of Podman v4.2.0. Full release notes are not available at present, but will be for the next RC (expected Monday, July 18, 2022).

4.1.1

Features
- Podman machine events are now supported on Windows.

Changes
- The output of the `podman load` command now mirrors that of `docker load`.

Bugfixes
- Fixed a bug where the `podman play kube` command could panic if the `--log-opt` option was used ([13356](https://github.com/containers/podman/issues/13356)).
- Fixed a bug where Podman could, under some circumstances, fail to parse container cgroup paths ([14146](https://github.com/containers/podman/issues/14146)).
- Fixed a bug where containers created with the `--sdnotify=conmon` option could send `MAINPID` twice.
- Fixed a bug where the `podman info` command could fail when run inside an LXC container.
- Fixed a bug where the pause image of a pod with custom ID mappings could not be built ([BZ 2083997](https://bugzilla.redhat.com/show_bug.cgi?id=2083997)).
- Fixed a bug where, on `podman machine` VMs on Windows, containers could be prematurely terminated when API forwarding was not running ([13965](https://github.com/containers/podman/issues/13965)).
- Fixed a bug where removing a container with a zombie exec session would fail the first time, but succeed for subsequent calls ([14252](https://github.com/containers/podman/issues/14252)).
- Fixed a bug where a dangling ID in the database could render Podman unusable.
- Fixed a bug where containers with memory limits could not be created when Podman was run in a root cgroup ([14236](https://github.com/containers/podman/issues/14236)).
- Fixed a bug where the `--security-opt` option to `podman run` and `podman create` did not support the `no-new-privileges:true` and `no-new-privileges:false` options (the only supported separator was `=`, not `:`) ([14133](https://github.com/containers/podman/issues/14133)).
- Fixed a bug where containers that did not create a network namespace (e.g. containers created with `--network none` or `--network ns:/path/to/ns`) could not be restored from checkpoints ([14389](https://github.com/containers/podman/issues/14389)).
- Fixed a bug where `podman-restart.service` could, if enabled, cause system shutdown to hang for 90 seconds ([14434](https://github.com/containers/podman/issues/14434)).
- Fixed a bug where the `podman stats` command would, when run as root on a container that had the `podman network disconnect` command run on it or that set a custom network interface name, return an error ([13824](https://github.com/containers/podman/issues/13824)).
- Fixed a bug where the remote Podman client's `podman pod create` command would error when the `--uidmap` option was used ([14233](https://github.com/containers/podman/issues/14233)).
- Fixed a bug where cleaning up systemd units and timers related to healthchecks was subject to race conditions and could fail.
- Fixed a bug where the default network mode of containers created by the remote Podman client was assigned by the client, not the server ([14368](https://github.com/containers/podman/issues/14368)).
- Fixed a bug where containers joining a pod that was created with `--network=host` would receive a private network namespace ([13763](https://github.com/containers/podman/issues/13763)).
- Fixed a bug where `podman machine rm --force` would remove files related to the VM before stopping it, causing issues if removal was interrupted.
- Fixed a bug where `podman logs` would omit the last line of a container's logs if the log did not end in a newline ([14458](https://github.com/containers/podman/issues/14458)).
- Fixed a bug where network cleanup was nonfunctional for containers which used a custom user namespace and were initialized via API ([14465](https://github.com/containers/podman/issues/14465)).
- Fixed a bug where some options (including volumes) for containers that joined pods were overwritten by the infra container ([14454](https://github.com/containers/podman/issues/14454)).
- Fixed a bug where the `--file-locks` option to `podman container restore` was ignored, such that file locks checkpointed by `podman container checkpoint --file-locks` were not restored.
- Fixed a bug where signals sent to a Podman attach session with `--sig-proxy` enabled at the exact moment the container that was attached to exited could cause error messages to be printed.
- Fixed a bug where running the `podman machine start` command more than once (simultaneously) on the same machine would cause errors.
- Fixed a bug where the `podman stats` command could not be run on containers that were not running (it now reports all-0s statistics for Docker compatibility) ([14498](https://github.com/containers/podman/issues/14498)).

API
- Fixed a bug where images pulled from a private registry could not be accessed via shortname using the Compat API endpoints ([14291](https://github.com/containers/podman/issues/14291)).
- Fixed a bug where the Compat Delete API for Images would return an incorrect status code (500) when attempting to delete images that are in use ([14208](https://github.com/containers/podman/issues/14208)).
- Fixed a bug where the Compat Build API for Images would include the build's `STDERR` output even if the `quiet` parameter was true.
- Fixed a bug where the Libpod Play Kube API would overwrite any log driver specified by query parameter with the system default.

Misc
- The `podman auto-update` command now creates an event when it is run.
- Error messages printed when Podman's temporary files directory is not writable have been improved.
- Units for memory limits accepted by Podman commands were incorrectly stated by documentation as megabytes, instead of mebibytes; this has now been corrected ([14187](https://github.com/containers/podman/issues/14187)).

4.1.0

Features
- Podman now supports Docker Compose v2.2 and higher ([11822](https://github.com/containers/podman/issues/11822)). Please note that it may be necessary to disable the use of Buildkit by setting the environment variable `DOCKER_BUILDKIT=0`.
- A new container command has been added, `podman container clone`. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.
- A new machine command has been added, `podman machine inspect`. This command provides details on the configuration of machine VMs.
- The `podman machine set` command can now change the CPUs, memory, and disk space available to machines after they were initially created, using the new `--cpus`, `--disk-size`, and `--memory` options ([13633](https://github.com/containers/podman/issues/13633)).
- Podman now supports sending JSON events related to machines to a Unix socket named `machine_events.*\.sock` in `XDG_RUNTIME_DIR/podman` or to a socket whose path is set in the `PODMAN_MACHINE_EVENTS_SOCK` environment variable.
- Two new volume commands have been added, `podman volume mount` and `podman volume unmount`. These allow for Podman-managed named volumes to be mounted and accessed from outside containers ([12768](https://github.com/containers/podman/issues/12768)).
- VMs created by `podman machine` now automatically mount the host's `$HOME` into the VM, to allow mounting volumes from the host into containers.
- The `podman container checkpoint` and `podman container restore` options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries.
- The `podman play kube` command now supports environment variables that are specified using the `fieldRef` and `resourceFieldRef` sources.
- The `podman play kube` command will now set default resource limits when the provided YAML does not include them ([13115](https://github.com/containers/podman/issues/13115)).
- The `podman play kube` command now supports a new option, `--annotation`, to add annotations to created containers ([12968](https://github.com/containers/podman/issues/12968)).
- The `podman play kube --build` command now supports a new option, `--context-dir`, which allows the user to specify the context directory to use when building the Containerfile ([12485](https://github.com/containers/podman/issues/12485)).
- The `podman container commit` command now supports a new option, `--squash`, which squashes the generated image into a single layer ([12889](https://github.com/containers/podman/issues/12889)).
- The `podman pod logs` command now supports two new options, `--names`, which identifies which container generated a log message by name, instead of ID ([13261](https://github.com/containers/podman/issues/13261)) and `--color`, which colors messages based on what container generated them ([#13266](https://github.com/containers/podman/issues/13266)).
- The `podman rmi` command now supports a new option, `--ignore`, which will ignore errors caused by missing images.
- The `podman network create` command now features a new option, `--ipam-driver`, to specify details about how IP addresses are assigned to containers in the network ([13521](https://github.com/containers/podman/issues/13521)).
- The `podman machine list` command now features a new option, `--quiet`, to print only the names of configured VMs and no other information.
- The `--ipc` option to the `podman create`, `podman run`, and `podman pod create` commands now supports three new modes: `none`, `private`, and `shareable`. The default IPC mode is now `shareable`, indicating that the IPC namespace can be shared with other containers ([13265](https://github.com/containers/podman/issues/13265)).
- The `--mount` option to the `podman create` and `podman run` commands can now set options for created named volumes via the `volume-opt` parameter ([13387](https://github.com/containers/podman/issues/13387)).
- The `--mount` option to the `podman create` and `podman run` commands now allows parameters to be passed in CSV format ([13922](https://github.com/containers/podman/issues/13922)).
- The `--userns` option to the `podman create` and `podman run` commands now supports a new option, `nomap`, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.
- The `podman import` command now supports three new options, `--arch`, `--os`, and `--variant`, to specify what system the imported image was built for.
- The `podman inspect` command now includes information on the network configuration of containers that joined a pre-configured network namespace with the `--net ns:` option to `podman run`, `podman create`, and `podman pod create`.
- The `podman run` and `podman create` commands now support a new option, `--chrootdirs`, which specifies additional locations where container-specific files managed by Podman (e.g. `/etc/hosts`, `/etc/resolv.conf`, etc.) will be mounted inside the container ([12961](https://github.com/containers/podman/issues/12691)).
- The `podman run` and `podman create` commands now support a new option, `--passwd-entry`, allowing entries to be added to the container's `/etc/passwd` file.
- The `podman images --format` command now accepts two new format directives: `{{.CreatedAt}}` and `{{.CreatedSince}}` ([14012](https://github.com/containers/podman/issues/14012)).
- The `podman volume create` command's `-o` option now accepts a new argument, `o=noquota`, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined ([14049](https://github.com/containers/podman/issues/14049)).
- The `podman info` command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization ([13876](https://github.com/containers/podman/issues/13876)).

Changes
- The `--net=container:` option to `podman run`, `podman create`, and `podman pod create` now conflicts with the `--add-host` option.
- As part of a deprecation of the SHA1 hash algorithm within Podman, the algorithm used to generate the filename of the rootless network namespace has been changed. As a result, rootless containers started before updating to Podman 4.1.0 will need to be restarted if they are joined to a network (and not just using `slirp4netns`) to ensure they can connect to containers started after the upgrade.
- Podman's handling of the `/etc/hosts` file has been rewritten to improve its consistency and handling of edge cases ([12003](https://github.com/containers/podman/issues/12003) and [#13224](https://github.com/containers/podman/issues/13224)). As part of this, two new options are available in `containers.conf`: `base_hosts_file` (to specify a nonstandard location to source the base contents of the container's `/etc/hosts`) and `host_containers_internal_ip` (to specify a specific IP address for containers' `host.containers.internal` entry to point to).
- The output of the `podman image trust show` command now includes information on the transport mechanisms allowed.
- Podman now exits cleanly (with exit code 0) after receiving SIGTERM.
- Containers running in systemd mode now set the `container_uuid` environment variable ([13187](https://github.com/containers/podman/issues/13187)).
- Renaming a container now generates an event readable through `podman events`.
- The `--privileged` and `--cap-add` flags are no longer mutually exclusive ([13449](https://github.com/containers/podman/issues/13449)).
- Fixed a bug where the `--mount` option to `podman create` and `podman run` could not create anonymous volumes ([13756](https://github.com/containers/podman/issues/13756)).
- Fixed a bug where Podman containers for which the user did not explicitly set an OOM score adjustment would implicitly set a value of 0, instead of not setting one at all ([13731](https://github.com/containers/podman/issues/13731)).
- The `podman machine set` command can no longer be used while the VM being updated is running ([13783](https://github.com/containers/podman/issues/13783)).
- Systemd service files created by `podman generate systemd` are now prettyprinted for increased readability.
- The `file` event log driver now automatically rotates the log file, preventing it from growing beyond a set size.
- The `--no-trunc` flag to `podman search` now defaults to `false`, to ensure output is not overly verbose.

Bugfixes
- Fixed a bug where Podman could not add devices with a major or minor number over 256 to containers.
- Fixed a bug where containers created by the `podman play kube` command did not record the raw image name used to create containers.
- Fixed a bug where VMs created by `podman machine` could not start containers which forwarded ports when run on a host with a proxy configured ([13628](https://github.com/containers/podman/issues/13628)).
- Fixed a bug where VMs created by the `podman machine` command could not be connected to when the username of the current user was sufficiently long ([12751](https://github.com/containers/podman/issues/12751)).
- Fixed a bug where the `podman system reset` command on Linux did not fully remove virtual machines created by `podman machine`.
- Fixed a bug where the `podman machine rm` command would error when removing a VM that was never started ([13834](https://github.com/containers/podman/issues/13834)).
- Fixed a bug where the remote Podman client's `podman manifest push` command could not push to registries that required authentication ([13629](https://github.com/containers/podman/issues/13629)).
- Fixed a bug where containers joining a pod with volumes did not have the pod's volumes added ([13548](https://github.com/containers/podman/issues/13548)).
- Fixed a bug where the `podman version --format` command could not return the OS of the server ([13690](https://github.com/containers/podman/issues/13690)).
- Fixed a bug where the `podman play kube` command would error when a volume specified by a `configMap` already existed ([13715](https://github.com/containers/podman/issues/13715)).
- Fixed a bug where the `podman play kube` command did not respect the `hostNetwork` setting in Pod YAML ([14015](https://github.com/containers/podman/issues/14015)).
- Fixed a bug where the `podman play kube` command would, when the `--log-driver` flag was not specified, ignore Podman's default log driver ([13781](https://github.com/containers/podman/issues/13781)).
- Fixed a bug where the `podman generate kube` command could generate YAML with too-long labels ([13962](https://github.com/containers/podman/issues/13962)).
- Fixed a bug where the `podman logs --tail=1` command would fail when the log driver was `journald` and the container was restarted ([13098](https://github.com/containers/podman/issues/13098)).
- Fixed a bug where containers created from images with a healthcheck that did not specify an interval would never run their healthchecks ([13912](https://github.com/containers/podman/issues/13912)).
- Fixed a bug where the `podman network connect` and `podman network disconnect` commands could leave invalid entries in `/etc/hosts` ([13533](https://github.com/containers/podman/issues/13533)).
- Fixed a bug where the `--tls-verify` option to the remote Podman client's `podman build` command was nonfunctional.
- Fixed a bug where the `podman pod inspect` command incorrectly reported whether the pod used the host's network ([14028](https://github.com/containers/podman/issues/14028)).
- Fixed a bug where, when Podman was run on WSL2, ports specified without an IP address (e.g. `-p 8080:8080`) would be bound to IPv6 addresses ([12292](https://github.com/containers/podman/issues/12292)).
- Fixed a bug where the remote Podman client's `podman info` could report an incorrect path to the socket used to access the Podman service ([12023](https://github.com/containers/podman/issues/12023)).

API
- Containers created via the Libpod Create API that set a memory limit, but not a swap limit, will automatically have a swap limit set ([13145](https://github.com/containers/podman/issues/13145)).
- The Compat and Libpod Attach APIs for Containers can now attach to Stopped containers.
- Fixed a bug where the Compat and Libpod Create APIs for Containers did not respect the `no_hosts` option in `containers.conf` ([13719](https://github.com/containers/podman/issues/13719)).
- Fixed a bug where the default network mode for rootless containers created via the Compat Create API was not `bridge`.
- Fixed a bug where the Libpod List API for Containers did not allow filtering based on the `removing` status ([13986](https://github.com/containers/podman/issues/13986)).
- Fixed a bug where the Libpod Modify endpoint for Manifests did not respect the `tlsVerify` parameter.

Misc
- A number of dependencies have been pruned from the project, resulting in a significant reduction in the size of the Podman binary.
- Using `podman play kube` on a YAML that only includes `configMap` objects (and no pods or deployments) now prints a much clearer error message.
- Updated Buildah to v1.26.1
- Updated the containers/storage library to v1.40.2
- Updated the containers/image library to v5.21.1
- Updated the containers/common library to v0.48.0
