Understanding Podman: Features, Differences from Docker, and Practical Usage Guide

This article introduces Podman as a daemon‑less, root‑less container runtime, compares its architecture and command‑line behavior with Docker, and provides detailed instructions on installation, configuration, common commands, image handling, volume management, and user‑level operation on Linux systems.

Java Architect Essentials

Podman is an open‑source container runtime that works on most Linux platforms and offers Docker‑compatible commands while eliminating the need for a privileged daemon, allowing both root and root‑less operation.

Key differences between Podman and Docker include the absence of a central daemon in Podman, direct use of OCI runtimes (runC), and a different process hierarchy in which Podman's conmon takes the place of Docker's containerd-shim. Docker relies on multiple daemons (dockerd, containerd, containerd-shim) that must run as root, which introduces security concerns.

Common Podman commands

Container management

podman run           create and start a container
podman start         start a stopped container
podman ps            list containers
podman stop          stop a container
podman restart       restart a container
podman attach        attach to a running container
podman exec          run a command inside a running container
podman export        export a container's filesystem
podman import        import a container snapshot as an image
podman rm            remove a container
podman logs          show container logs

Image management

podman search        search for images
podman pull          pull an image
podman images        list images
podman image ls      list images
podman rmi           remove an image
podman image rm      remove an image
podman save          export an image to an archive
podman load          import an image from an archive
podman build         build an image
# Dockerfile example omitted

Installation and acceleration

# Install Podman
yum -y install podman

# Configure a registry mirror (format for version 7 systems): edit the file and add
vim /etc/containers/registries.conf
registries = ["docker.io"]
[[docker.io]]
location="j3m2itm3.mirror.aliyuncs.com"

# Configure a registry mirror (format for version 8 systems)
unqualified-search-registries = ["docker.io"]
[[registry]]
prefix = "docker.io"
location = "j3m2itm3.mirror.aliyuncs.com"

Running a container example

# Pull and run the httpd image in the background
podman run -d --name httpd docker.io/library/httpd

# List running containers
podman ps

# Inspect the logs of the most recently created container
podman logs --latest

Root‑less operation

To allow non-root users to run Podman, install crun (or another OCI runtime) and edit /etc/containers/containers.conf to set runtime = "crun". Install slirp4netns and fuse-overlayfs for networking and storage, and configure /etc/subuid and /etc/subgid with a subordinate UID/GID range for each user so that user namespace mappings can be set up.

Volume usage

# Create and mount a volume as an ordinary user (zz); after `su -` the working directory is zz's home
su - zz
mkdir ~/data
podman run -it -v "$(pwd)"/data:/data docker.io/library/busybox /bin/sh
# Inside the container, create a file
touch /data/123
# After exiting, check the file's ownership on the host
ls -l ~/data/123
# Use --userns=keep-id so files created inside the container keep the host user's ownership
podman run -it --name test -v "$(pwd)"/data:/data --userns=keep-id docker.io/library/busybox /bin/sh
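The ownership effect shown above follows from the user namespace mapping set up through /etc/subuid (see the root-less operation section). The following shell function is an added example, not part of the original article, that computes which host UID a given container UID lands on in rootless Podman's default mapping and under --userns=keep-id; the /etc/subuid content, the user "zz" and its host UID 1000 are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample of /etc/subuid (user:start:count); not read from the real file.
SUBUID_SAMPLE="zz:100000:65536
alice:200000:65536"

# map_uid <mode> <user> <host_uid> <container_uid>
#   mode "default": container UID 0 -> the user's own host UID,
#                   container UID n (1..count) -> start + n - 1
#   mode "keep-id": container UID == host UID -> host UID,
#                   lower UIDs -> start + n, higher UIDs -> start + n - 1
# Prints the host UID, or "unmapped" (exit 1) if the UID has no mapping.
map_uid() {
    mode=$1; user=$2; huid=$3; cuid=$4
    line=$(printf '%s\n' "$SUBUID_SAMPLE" | grep "^$user:" | head -n 1)
    [ -n "$line" ] || { echo unmapped; return 1; }
    start=$(printf '%s' "$line" | cut -d: -f2)
    count=$(printf '%s' "$line" | cut -d: -f3)
    case $mode in
      default)
        if [ "$cuid" -eq 0 ]; then echo "$huid"; return 0; fi
        off=$((cuid - 1)) ;;
      keep-id)
        if [ "$cuid" -eq "$huid" ]; then echo "$huid"; return 0; fi
        if [ "$cuid" -lt "$huid" ]; then off=$cuid; else off=$((cuid - 1)); fi ;;
      *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    # Only offsets inside the subordinate range are mapped; anything else is "nobody" on the host.
    if [ "$off" -ge 0 ] && [ "$off" -lt "$count" ]; then
        echo $((start + off))
    else
        echo unmapped; return 1
    fi
}

# Example: a file created by container root (UID 0) in the default mode shows up as zz (1000)
# on the host; with keep-id, container UID 1000 is zz, while container root maps to 100000.
map_uid default zz 1000 0
map_uid keep-id zz 1000 0
map_uid keep-id zz 1000 1000
```

A file written by an unprivileged container user (UID 1 and above) in the default mode therefore appears on the host as a UID from the subordinate range, which is why `ls -l ~/data/123` can show an unexpected owner.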

Port mapping for non‑root users

Root-less users cannot bind privileged ports (<1024) unless net.ipv4.ip_unprivileged_port_start is lowered in /etc/sysctl.conf. They can map ports >=1024 by default.

Overall, Podman provides a Docker‑compatible, daemon‑less experience with enhanced security and flexibility for both root and root‑less environments.

Written by Java Architect Essentials

Committed to sharing quality articles and tutorials to help Java programmers progress from junior to mid-level to senior architect. We curate high-quality learning resources, interview questions, videos, and projects from across the internet to help you systematically improve your Java architecture skills. Follow and reply '1024' to get Java programming resources. Learn together, grow together.