Podman uses Buildah(1) internally to create container images. Both tools share image (not container) storage, hence each can use or manipulate images (but not containers) created by the other.
Default settings for flags are defined in containers.conf. Most settings for Remote connections use the server's containers.conf, except when documented in man pages.
podman [GLOBAL OPTIONS]
Note: Setting this flag can cause certain commands to break when called on containers previously created by the other CGroup manager type. Note: CGroup manager is not supported in rootless mode when using CGroups Version V1.
This option may be set multiple times; paths from later options have higher precedence (oci-hooks(5) discusses directory precedence).
For the annotation conditions, libpod uses any annotations set in the generated OCI configuration.
For the bind-mount conditions, only mounts explicitly requested by the caller via --volume are considered. Bind mounts that libpod inserts by default (e.g. /dev/shm) are not considered.
If --hooks-dir is unset for root callers, Podman and libpod will currently default to /usr/share/containers/oci/hooks.d and /etc/containers/oci/hooks.d in order of increasing precedence. Using these defaults is deprecated, and callers should migrate to explicitly setting --hooks-dir.
Podman and libpod currently support an additional precreate state which is called before the runtime's create operation. Unlike the other stages, which receive the container state on their standard input, precreate hooks receive the proposed runtime configuration on their standard input. They may alter that configuration as they see fit, and write the altered form to their standard output.
WARNING: the precreate hook lets you do powerful things, such as adding additional mounts to the runtime configuration. That power also makes it easy to break things. Before reporting libpod errors, try running your container with precreate hooks disabled to see if the problem is due to one of your hooks.
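A precreate hook can also be used to tighten the proposed configuration rather than extend it. The following is an added example, not Podman or libpod code: it reads the runtime configuration from standard input, sets noNewPrivileges, forces nosuid and nodev on bind mounts, and writes the altered form to standard output. The policy and the names harden, FORCED_BIND_OPTS and CONFLICTING are assumptions made for illustration.

```python
#!/usr/bin/env python3
import json
import sys

# Assumed local policy (not Podman's): options forced onto every bind mount.
FORCED_BIND_OPTS = ("nosuid", "nodev")
CONFLICTING = {"suid", "dev"}


def harden(config):
    """Tighten a proposed OCI runtime configuration and return it."""
    # Field names come from the OCI runtime spec (process.noNewPrivileges, mounts[]).
    config.setdefault("process", {})["noNewPrivileges"] = True
    for mount in config.get("mounts", []):
        opts = list(mount.get("options") or [])
        if mount.get("type") != "bind" and not {"bind", "rbind"} & set(opts):
            continue  # leave proc, tmpfs, sysfs and similar mounts untouched
        opts = [o for o in opts if o not in CONFLICTING]
        opts += [o for o in FORCED_BIND_OPTS if o not in opts]
        mount["options"] = opts
    return config


def main():
    try:
        proposed = json.load(sys.stdin)  # precreate input: the proposed config
    except json.JSONDecodeError as err:
        print(f"precreate hook: unreadable config: {err}", file=sys.stderr)
        return 1  # emit nothing rather than a half-edited configuration
    json.dump(harden(proposed), sys.stdout)  # precreate output: the altered config
    return 0


if __name__ == "__main__":
    sys.exit(main())
```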
Identity value resolution precedence:
- command line value
- environment variable CONTAINER_SSHKEY, if CONTAINER_HOST is found
- containers.conf

Remote connections use local containers.conf for default.
- CONTAINER_HOST is of the format <schema>://[<user[:<password>]@]<host>[:<port>][<path>]
Details:
- user will default to either root or current running user
- password has no default
- host must be provided and is either the IP or name of the machine hosting the Podman service
- port defaults to 22
- path defaults to either /run/podman/podman.sock, or /run/user/<uid>/podman/podman.sock if running rootless.
URL value resolution precedence:
- command line value
- environment variable CONTAINER_HOST
- containers.conf
- unix://run/podman/podman.sock

Remote connections use local containers.conf for default.
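The URL precedence and the CONTAINER_HOST defaults described above, written out as an added example (not Podman's own code) that also flags a password embedded in the URL. The function names, the rootless_uid and current_user parameters, and the example.test host names are assumptions; the containers.conf value is passed in already read.

```python
import os
from urllib.parse import urlsplit

FALLBACK_URL = "unix://run/podman/podman.sock"  # last entry in the precedence list


def resolve_url(cli_value=None, env=None, conf_value=None):
    """Return (source, url) following the documented precedence order."""
    env = os.environ if env is None else env
    candidates = (
        ("command line", cli_value),
        ("CONTAINER_HOST", env.get("CONTAINER_HOST")),
        ("containers.conf", conf_value),
    )
    for source, value in candidates:
        if value:
            return source, value
    return "built-in default", FALLBACK_URL


def parse_host(url, rootless_uid=None, current_user="root"):
    """Split <schema>://[<user[:<password>]@]<host>[:<port>][<path>], filling defaults."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        raise ValueError("schema and host must be provided")
    if rootless_uid is None:
        default_path = "/run/podman/podman.sock"
    else:
        default_path = f"/run/user/{rootless_uid}/podman/podman.sock"
    warnings = []
    if parts.password is not None:
        # A password in the URL ends up in the environment or a config file.
        warnings.append("password embedded in URL")
    return {
        "schema": parts.scheme,
        "user": parts.username or current_user,
        "host": parts.hostname,
        "port": parts.port or 22,
        "path": parts.path or default_path,
        "warnings": warnings,
    }
```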
Note: Do not pass the leading -- to the flag. To pass the runc flag --log-format json to podman build, the option given would be --runtime-flag log-format=json.
Overriding this option will cause the storage-opt settings in /etc/containers/storage.conf to be ignored. The user must specify additional options via the --storage-opt flag.
On remote clients, logging is directed to the file $HOME/.config/containers/podman.log.
NOTE: --tmpdir is not used for the temporary storage of downloaded images. Use the environment variable TMPDIR to change the temporary storage location of downloaded container images. Podman defaults to using /var/tmp.
Connection information can also be managed using the containers.conf file.
125 The error is with podman itself
    $ podman run --foo busybox; echo $?
    Error: unknown flag: --foo
    125
126 Executing a contained command and the command cannot be invoked
    $ podman run busybox /etc; echo $?
    Error: container_linux.go:346: starting container process caused "exec: \"/etc\": permission denied": OCI runtime error
    126
127 Executing a contained command and the command cannot be found
    $ podman run busybox foo; echo $?
    Error: container_linux.go:346: starting container process caused "exec: \"foo\": executable file not found in $PATH": OCI runtime error
    127
Exit code: contained command exit code
    $ podman run busybox /bin/sh -c 'exit 3'; echo $?
    3
|Command|Description|
|---|---|
|podman-attach(1)|Attach to a running container.|
|podman-auto-update(1)|Auto update containers according to their auto-update policy|
|podman-build(1)|Build a container image using a Containerfile.|
|podman-commit(1)|Create new image based on the changed container.|
|podman-completion(1)|Generate shell completion scripts|
|podman-cp(1)|Copy files/folders between a container and the local filesystem.|
|podman-create(1)|Create a new container.|
|podman-diff(1)|Inspect changes on a container or image's filesystem.|
|podman-events(1)|Monitor Podman events|
|podman-exec(1)|Execute a command in a running container.|
|podman-export(1)|Export a container's filesystem contents as a tar archive.|
|podman-generate(1)|Generate structured data based on containers, pods or volumes.|
|podman-healthcheck(1)|Manage healthchecks for containers|
|podman-history(1)|Show the history of an image.|
|podman-images(1)|List images in local storage.|
|podman-import(1)|Import a tarball and save it as a filesystem image.|
|podman-info(1)|Displays Podman related system information.|
|podman-init(1)|Initialize one or more containers|
|podman-inspect(1)|Display a container, image, volume, network, or pod's configuration.|
|podman-kill(1)|Kill the main process in one or more containers.|
|podman-load(1)|Load image(s) from a tar archive into container storage.|
|podman-login(1)|Login to a container registry.|
|podman-logout(1)|Logout of a container registry.|
|podman-logs(1)|Display the logs of one or more containers.|
|podman-machine(1)|Manage Podman's virtual machine|
|podman-manifest(1)|Create and manipulate manifest lists and image indexes.|
|podman-mount(1)|Mount a working container's root filesystem.|
|podman-network(1)|Manage Podman CNI networks.|
|podman-pause(1)|Pause one or more containers.|
|podman-play(1)|Play containers, pods or volumes based on a structured input file.|
|podman-pod(1)|Management tool for groups of containers, called pods.|
|podman-port(1)|List port mappings for a container.|
|podman-ps(1)|Prints out information about containers.|
|podman-pull(1)|Pull an image from a registry.|
|podman-push(1)|Push an image, manifest list or image index from local storage to elsewhere.|
|podman-rename(1)|Rename an existing container.|
|podman-restart(1)|Restart one or more containers.|
|podman-rm(1)|Remove one or more containers.|
|podman-rmi(1)|Removes one or more locally stored images.|
|podman-run(1)|Run a command in a new container.|
|podman-save(1)|Save image(s) to an archive.|
|podman-search(1)|Search a registry for an image.|
|podman-secret(1)|Manage podman secrets.|
|podman-start(1)|Start one or more containers.|
|podman-stats(1)|Display a live stream of one or more container's resource usage statistics.|
|podman-stop(1)|Stop one or more running containers.|
|podman-tag(1)|Add an additional name to a local image.|
|podman-top(1)|Display the running processes of a container.|
|podman-unmount(1)|Unmount a working container's root filesystem.|
|podman-unpause(1)|Unpause one or more containers.|
|podman-unshare(1)|Run a command inside of a modified user namespace.|
|podman-untag(1)|Removes one or more names from a locally-stored image.|
|podman-version(1)|Display the Podman version information.|
|podman-volume(1)|Simple management tool for volumes.|
|podman-wait(1)|Wait on one or more containers to stop and print their exit codes.|
Podman has builtin defaults for command line options. These defaults can be overridden using the containers.conf configuration files.
Distributions ship the /usr/share/containers/containers.conf file with their default settings. Administrators can override fields in this file by creating the /etc/containers/containers.conf file. Users can further modify defaults by creating the $HOME/.config/containers/containers.conf file. Podman merges its builtin defaults with the specified fields from these files, if they exist. Fields specified in the user's file override the administrator's file, which overrides the distribution's file, which overrides the built-in defaults.
Podman uses builtin defaults if no containers.conf file is found.
If the CONTAINERS_CONF environment variable is set, then its value is used for the containers.conf file rather than the default.
The mounts.conf file specifies volume mount directories that are automatically mounted inside containers when executing the `podman run` or `podman start` commands. Administrators can override the defaults file by creating `/etc/containers/mounts.conf`.
When Podman runs in rootless mode, the file $HOME/.config/containers/mounts.conf will override the default if it exists. Please refer to containers-mounts.conf(5) for further details.
Signature verification policy files are used to specify policy, e.g. trusted keys, applicable when deciding whether to accept an image, or individual signatures of that image, as valid.
registries.conf (/etc/containers/registries.conf, $HOME/.config/containers/registries.conf)
registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion. Non root users of Podman can create the `$HOME/.config/containers/registries.conf` file to be used instead of the system defaults. If the **CONTAINERS_REGISTRIES_CONF** environment variable is set, then its value is used for the registries.conf file rather than the default.
storage.conf (/etc/containers/storage.conf, $HOME/.config/containers/storage.conf)
storage.conf is the storage configuration file for all tools using containers/storage. The storage configuration file specifies all of the available container storage options for tools using shared container storage. When Podman runs in rootless mode, the file `$HOME/.config/containers/storage.conf` is used instead of the system defaults. If the **CONTAINERS_STORAGE_CONF** environment variable is set, then its value is used for the storage.conf file rather than the default.
Containers created by a non-root user are not visible to other users and are not seen or managed by Podman running as root.
It is required to have multiple uids/gids set for a user. Be sure the user is present in the files /etc/subuid and /etc/subgid.
If you have a recent version of usermod, you can execute the following commands to add the ranges to the files:
    $ sudo usermod --add-subuids 10000-75535 USERNAME
    $ sudo usermod --add-subgids 10000-75535 USERNAME
Or just add the content manually (both files are writable only by root, so the append goes through sudo):
    $ echo USERNAME:10000:65536 | sudo tee -a /etc/subuid
    $ echo USERNAME:10000:65536 | sudo tee -a /etc/subgid
See the subuid(5) and subgid(5) man pages for more information.
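A check for the entries added above, as an added example that is not part of the Podman documentation. It goes one step beyond the text: besides confirming that the user has an allocation, it reports ranges that overlap another owner's, which happens when the same 10000:65536 line is reused for several users and leaves their containers mapped onto the same host IDs. The function names, the 65536 minimum and the sample entries are assumptions.

```python
from collections import namedtuple

SubRange = namedtuple("SubRange", "owner start count")


def parse_subid(text):
    """Parse subuid(5)/subgid(5) content: one owner:start:count entry per line."""
    ranges = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) != 3 or not (fields[1].isdigit() and fields[2].isdigit()):
            raise ValueError(f"line {lineno}: expected owner:start:count")
        ranges.append(SubRange(fields[0], int(fields[1]), int(fields[2])))
    return ranges


def audit(ranges, user, minimum=65536):
    """Return findings for `user`: missing or short allocation, overlaps with others."""
    findings = []
    own = [r for r in ranges if r.owner == user]
    if not own:
        findings.append(f"{user}: no entry")
    elif sum(r.count for r in own) < minimum:
        findings.append(f"{user}: fewer than {minimum} subordinate IDs")
    for mine in own:
        for other in ranges:
            if other.owner == user:
                continue
            # Two half-open ranges [start, start+count) intersect.
            if (mine.start < other.start + other.count
                    and other.start < mine.start + mine.count):
                findings.append(
                    f"{user}: {mine.start}+{mine.count} overlaps {other.owner}")
    return findings


# Constructed sample: alice and bob were both given the same manual line.
SAMPLE = """\
alice:10000:65536
bob:10000:65536
carol:200000:65536
"""
```

Run it once over /etc/subuid and once over /etc/subgid, for example `audit(parse_subid(open("/etc/subuid").read()), "USERNAME")`.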
Images are pulled under XDG_DATA_HOME when specified, otherwise in the home directory of the user under .local/share/containers/storage.
Currently the slirp4netns package is required to be installed to create a network device, otherwise rootless containers need to run in the network namespace of the host.
The Network File System (NFS) and other distributed file systems (for example: Lustre, Spectrum Scale, the General Parallel File System (GPFS)) are not supported when running in rootless mode as these file systems do not understand user namespaces. However, rootless Podman can make use of an NFS home directory by modifying $HOME/.config/containers/storage.conf so that the graphroot option points to a directory stored on local (non-NFS) storage.
For more information, please refer to the Podman Troubleshooting Page ⟨https://github.com/containers/podman/blob/master/troubleshooting.md⟩.