Translations: English - Português (Brasil)

podman manages containers, container images and pods. For the most common alternative, see Docker.

Contents

  1. Install podman
    1. Specify registries for unqualified searches
    2. Migrating from Docker
  2. Build images
    1. Build images from Debian environments
  3. See also

Only download images from sites you'd be comfortable downloading programs from. Otherwise, build your own image from source.

Install podman

podman can be installed directly via apt, optionally choosing an alternative container runtime (runc is installed by default). 

apt install podman crun

Specify registries for unqualified searches

A registry is a site you download container images from, like how a Debian repository is a site you download .deb packages from. But whereas apt searches all Debian repositories, podman expects you to qualify which registry you want to search: 

# No qualifier - returns nothing:
podman search podman

# Registry qualifier - returns several matches:
podman search quay.io/podman

To make unqualified searches useful, you need to set a list of unqualified-search registries: 

# Override registries.conf - returns several matches:
echo 'unqualified-search-registries=["quay.io"]' > /tmp/registries.conf
CONTAINERS_REGISTRIES_CONF=/tmp/registries.conf podman search podman

To permanently set your unqualified-search registries, add a line like unqualified-search-registries=["docker.io", "quay.io"] in either $HOME/.config/containers/registries.conf or /etc/containers/registries.conf.

Be careful when adding unqualified-search registries. For example, let's assume your unqualified-search registries are docker.io and quay.io. If you do podman pull debian, it will pull an official Debian image. But if you do podman pull some-user/some-image, you might get the version from either registry. That doesn't just risk downloading an unexpected version - a malicious user could upload malware to one registry with the same name as a legitimate package in another registry, then wait for you to accidentally download it.

For background information, see podman issue #8896.

Migrating from Docker

podman offers mostly the same CLI commands as docker. Type podman in place of sudo docker.

If you have difficulty retraining your fingers, install podman-docker to make the docker command call podman.

Build images

Podman images are usually built from Containerfiles (or Dockerfiles). For details, see podman-build. If you find an image on a site you're not sure about, download its Containerfile or Dockerfile, check it looks OK, then build your own image from the file.

For more complex cases, buildah provides a suite of tools to build environments.

Build images from Debian environments

Debian provides several tools to create a build system, which produce tarballs compatible with podman-import. If those tools are already part of your workflow, you can use them to create podman images. For example: 

mmdebstrap unstable | podman import - debian-unstable

See also

CategoryVirtualization | CategorySoftware | CategorySystemAdministration