
Understanding Podman: Features, Differences from Docker, and Common Commands

This article introduces Podman, an open‑source, daemon‑less container runtime compatible with Docker, explains its architectural differences, rootless operation, configuration files, common commands, image handling, volume usage, and practical tips for Linux environments.

Selected Java Interview Questions

Podman is an open‑source container runtime that runs on most Linux platforms without requiring a daemon or root privileges, offering Docker‑compatible command‑line functionality and OCI‑compliant image management.

Key differences from Docker include the absence of a daemon, a more logical process architecture, and direct use of the OCI runtime (runc) through the conmon container-monitor process, which eliminates the need for dockerd and its associated containerd / containerd-shim chain.

Podman commands mirror Docker's, covering container lifecycle (run, start, ps, stop, restart, attach, exec, logs, etc.) and image management (search, pull, images, rmi, build, save, load). Example command blocks are shown below:

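podman run           Create and start a container
podman start         Start a container
podman ps            List containers
podman stop          Stop a container
podman restart       Restart a container
podman attach        Enter a container
podman exec          Enter a container
podman export        Export a container
podman import        Import a container snapshot
podman rm            Remove a container
podman logs          View logs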

Installation is straightforward (e.g., # yum -y install podman), and image pulls can be accelerated by configuring registries.conf to use a mirror repository.

# vim /etc/containers/registries.conf
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "j3m2itm3.mirror.aliyuncs.com"

Running containers as a non‑root user requires configuring subuid/subgid files, enabling crun as the OCI runtime, and optionally installing slirp4netns and fuse-overlayfs for rootless networking and storage.

# yum -y install crun
# vi /usr/share/containers/containers.conf
runtime = "crun"

Volumes can be mounted with proper user namespace handling; using --userns=keep-id ensures file ownership inside the container matches the host user.

# podman run -it -v "$(pwd)"/data:/data --userns=keep-id docker.io/library/busybox /bin/sh
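To show why the volume example needs --userns=keep-id, the following added example (not from the original article) computes which host UID ends up owning a file written by a given container UID in a rootless container, for both the default mapping and keep-id. The user alice, UID 1000 and the range 100000:65536 are constructed sample values, the function names are hypothetical, and a single subuid range per user is assumed.

```shell
#!/bin/sh
# Added example: which host UID owns a file written by a container UID
# in a rootless Podman container. Function names are hypothetical.

# subuid_range FILE USER -> prints "start count" from the user's first
# name:start:count entry; exits non-zero if the user has no entry.
subuid_range() {
    awk -F: -v u="$2" '$1 == u { print $2, $3; found = 1; exit }
                       END { if (!found) exit 1 }' "$1"
}

# host_uid FILE USER USER_UID MODE CONTAINER_UID
#   default: container 0 is the host user; 1..count use the subuid range.
#   keep-id: container USER_UID is the host user; IDs below it take the
#            start of the subuid range, IDs above it the remainder.
host_uid() {
    range=$(subuid_range "$1" "$2") || {
        echo "no subuid entry for $2" >&2; return 1; }
    start=${range% *}; count=${range#* }
    uid=$3; mode=$4; cuid=$5
    case $mode in
        default)
            if [ "$cuid" -eq 0 ]; then echo "$uid"; return 0; fi
            off=$((cuid - 1)) ;;
        keep-id)
            if [ "$cuid" -eq "$uid" ]; then echo "$uid"; return 0; fi
            if [ "$cuid" -lt "$uid" ]; then off=$cuid
            else off=$((cuid - 1)); fi ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    [ "$off" -lt "$count" ] || {
        echo "container UID $cuid is unmapped" >&2; return 3; }
    echo $((start + off))
}

# Constructed sample data: user alice (UID 1000), range 100000:65536.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf 'alice:100000:65536\n' > "$sample"
for c in "default 0" "default 1000" "keep-id 1000" "keep-id 0"; do
    set -- $c
    echo "$1 container UID $2 -> host UID $(host_uid "$sample" alice 1000 "$1" "$2")"
done
```

Without keep-id, a process running as UID 1000 inside the container writes files into the mounted directory as a high subordinate UID that the host user does not own; with keep-id the same process writes them as the host user.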

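Rootless containers can map privileged ports by adjusting net.ipv4.ip_unprivileged_port_start in /etc/sysctl.conf, allowing ports ≥80 to be exposed. The sysctl applies to the whole host, so any unprivileged process, not only Podman, can then bind those ports.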

# echo 'net.ipv4.ip_unprivileged_port_start=80' >> /etc/sysctl.conf
# sysctl -p

Overall, Podman provides a Docker‑compatible yet daemon‑less experience, supporting rootless operation, flexible configuration, and seamless image handling for modern Linux container workflows.
