RELEASE_NOTES.md
- podman machine init --image command when run on Windows using the Hyper-V backend can run PowerShell-escaped commands from the user-specified image path in a PowerShell session on the host (GHSA-hc8w-h2mf-hp59).
- unless-stopped restart policy would not restart after a reboot when podman-restart.service was enabled (#28152).
- Entrypoint="" in a Quadlet .container file did not clear the container's entrypoint (#28213).
- HealthCmd in a Quadlet .container file to a command that included double-quotes (`"`) would result in a nonfunctional healthcheck due to a parsing issue (#28409).
- host network mode (#28289).
- shell driver due to options from the default driver being improperly added.
- db.sql file in Podman's storage directory to db.sql.bak (or similar) and reboot again with v5.8.1 to attempt another migration. Please contact the maintainers with any issues during migration and we will assist as able.
- podman quadlet install command can now install files which contain multiple separate Quadlet files. The files must be separated with a `---` delimiter on a new line, and each section must begin with a `# FileName=<name>` line to name the new Quadlet (#27384).
- .container files now support a new key, AppArmor, for configuring the container's AppArmor profile (#27095).
- podman artifact add command against a podman machine VM, if the path being loaded or built is shared into the VM, Podman will load it from the VM's filesystem instead of streaming the data through the REST API, improving performance (#26321).
- podman update command now features a new option, --ulimit, to update container ulimits (#26381).
- podman exec command now features a new option, --no-session, which disables tracking of the exec session to improve performance and startup time (#26588).
- podman system migrate --migrate-db, will manually force a migration.
- podman secret create - command no longer requires that the secret be provided through a pipe, and instead allows typing the secret through the terminal (#27879).
- podman play
kube with a healthcheck using the initialDelaySeconds option would run healthchecks before the initial delay had expired (#27678).
- podman export command would emit a Mount event instead of an Export event.
- podman kube play command incorrectly handled precedence between environment variables set by both the envFrom and env fields (#27287).
- podman kube play command would panic when parsing Pod YAML missing the image field (#27784).
- podman volume mount command returned empty paths when volumes were handled by a plugin driver (#27858).
- --rootfs instead of from an image would show that they had a healthcheck in the starting state even if no healthcheck was defined (#27651).
- podman build command's --pull=newer option did not function correctly (#22845).
- RequiresMountsFor field in Quadlet .container files incorrectly handled bind-mount paths which contained spaces.
- podman run --detach-keys option did not accept an empty string (i.e., no detach keys) (#27414).
- podman build --secret ... env=VAR option would incorrectly try to read the environment variable on the server side, instead of from the client (#27494).
- podman artifact push and podman artifact pull commands ignored authentication credentials given by the --authfile option (#27421).
- podman run --pod-id-file option was not properly validated, allowing the creation of containers in pods with improper user namespace configuration (#26848).
- GET /libpod/quadlets/{name}/file (print contents of a Quadlet file), GET /libpod/quadlets/{name}/exists (check if the given Quadlet exists), POST /libpod/quadlets (install one or more Quadlets), DELETE /libpod/quadlets (remove one or more Quadlets), and DELETE /libpod/quadlets/{name} (remove a single Quadlet).
- DELETE /secret/{name} instead of DELETE /secrets/{name} (#27548).
- podman system migrate command could panic under certain circumstances when run rootless.
- podman kube play command could leak file descriptors.
- podman system service API server now support encrypting connections with TLS and mTLS,
including client authentication by certificate (#24583).
- podman system connection add command can now create connections to TCP sockets with TLS and mTLS encryption.
- podman run and podman create commands now support two new options, --creds and --cert-dir, to manage logging into registries to pull images.
- podman kube play and podman kube down commands can now accept multiple files as input, creating or removing more than one pod or deployment with the same command (#26274).
- podman kube play command now supports a new option, --no-pod-prefix, to disable prefixing container names with pod names. Please note that this can cause pods to fail to create if the pod shares a name with a container (#26396).
- podman machine init command now supports a new option, --tls-verify, to control whether the machine image can be pulled from registries without a trusted TLS certificate, with the default being true (TLS verification on) (#26517).
- podman image load and podman build commands against a podman machine VM, if the path being loaded or built is shared into the VM, Podman will load it from the VM's filesystem instead of streaming the data through the REST API, improving performance (#26321).
- k8s-file log driver can now be specified with the log_path option in containers.conf.
- runtimes_flags option in containers.conf.
- podman artifact remove command can now accept multiple arguments, for example, podman artifact rm artifact1 artifact2.
- podman wait command now supports a new option, --return-on-first, which causes podman wait to return after any container matches the condition, as opposed to waiting for all containers to match (#26691).
- podman container restore command now supports a new option, --tcp-close, allowing containers with active TCP connections to be restored multiple times.
- .artifact, allowing OCI artifacts to be managed with Quadlet (#25778).
- .container files now support a new key, HttpProxy, to disable the automatic forwarding of HTTP proxy options from the host into the
container (#26925).
- .pod files now support a new key, StopTimeout, to configure the stop timeout for the pod (#27120).
- .build files now support two new keys, BuildArg and IgnoreFile, to specify build arguments and an ignore file (#27065 and #27268).
- .kube files now support multiple YAML files in a single .kube file.
- podman quadlet install command now supports a new option, --replace, which will replace any existing Quadlet with a conflicting name (#26930).
- podman quadlet print command now has a new alias, podman quadlet cat (#27296).
- podman artifact remove command now supports the --all option.
- podman artifact add command now supports a new option, --replace, which will replace any existing artifact with the given name (#27082).
- podman artifact rm command now supports a new option, --ignore, which will suppress errors when attempting to remove an artifact that does not exist (#27084).
- podman artifact list command now includes artifact creation time in its output (#27314).
- podman artifact list --format option now supports two new format keys, VirtualSize, returning the size of the artifact in integer bytes, and CreatedAt, returning the time the artifact was created as an RFC3339 timestamp (the existing Size and Created fields returned human-readable information) (#27085).
- podman artifact inspect command now supports a new option, --format, to return specific information about an artifact with user-specified formatting (#27112).
- SUPPRESS_BOLTDB_WARNING=true environment variable.
- -p/--publish and --network=ns:/path options are used together when creating a container, Podman will now warn that the -p option will be ignored as an existing namespace is in use (this has always been the case, but Podman now prints a warning about it) (#26663).
- podman stats command now provides additional information about container resource utilization when run on FreeBSD.
- --sysctl option to podman create and podman run, and the --interface-name option to podman network
create.
- org.opencontainers.image.created annotation (#27081).
- podman inspect command can now inspect artifacts.
- podman artifact add command can now override the org.opencontainers.image.title annotation in created artifacts.
- --sign-by-sq-fingerprint option allows signing images using Sequoia-PGP keys.
- --filter ancestor= option to podman ps required complete matches, unlike Docker (which matched substrings) (#26623).
- --filter label= option to podman events did not support key-only matches (as podman ps --filter label= does) (#26702).
- Mount was given without a source being specified.
- .build file when a systemd specifier was used in the [Build] section (#26746).
- podman info command could panic when /proc/sys/fs/binfmt_misc was not mounted.
- podman run, podman exec, podman attach) due to a race condition (#26951).
- podman build command was ignoring SBOM related options (#23915).
- --userns=ns:/path option to podman create and podman run was broken with runc 1.1.11 and higher (#27148).
- podman machine on Windows would always re-pull machine images when using the WSL provider, even if the image had already been pulled and was present on disk.
- GET /libpod/quadlets/json).
- ContainerConfig field. To access image configuration, use the Config field instead.
This matches changes made by Docker in the v1.45 API.
- Content-Type header.
- --device option (for example --device /dev/fuse::) is passed to podman create or podman run have been improved.
- podman machine start command with SIGPIPE could result in machine state being stuck as "Starting" (#26949).
- podman build would fail with a permissions error when building Containerfiles using a non-root user and cache mounts (#27044).
- podman play kube containing ConfigMap and Secret volumes can use crafted symlinks to overwrite content on the host.
- journald events driver was in use.
- --security-opt seccomp=unconfined option was broken on Windows (#26855).
- container_name_as_hostname option in containers.conf set to true would fail to start.
- /tmp, ensuring proper operation of Podman after a reboot if /tmp is not a tmpfs.
- podman quadlet install (install a new Quadlet for the current user), podman quadlet list (list installed Quadlets), podman quadlet print (print the contents of a Quadlet file), and podman quadlet rm (remove a Quadlet). These commands are presently not available with the remote Podman client - we expect support for this to arrive in a future release.
- .container units can now specify environment variables without values in the Environment= key, retrieving the value from the host when the container is started (#26247).
- .pod units now support two new keys, Label= (to set labels on the created pod) and ExitPolicy= (to set exit policy for the created pod) (#25961 and #25596).
- .image units now support a new key, Policy=, to set pull policy for the image (e.g.
pull always, pull only if newer version available) (#26446).
- .network units now support a new key, InterfaceName=, to specify the name of the network interface created.
- podman machine init command now supports a new option, --swap, enabling swap in the created virtual machine and setting it to a given size (in megabytes) (#15980).
- --mount option to podman create and podman run now supports dest= as a valid alias for destination=.
- podman kube play command can now restrict container execution to specific CPU cores and specific memory nodes using the io.podman.annotations.cpuset/$ctrname and io.podman.annotations.memory-nodes/$ctrname annotations (#26172).
- podman kube play command now supports the lifecycle.stopSignal field in Pod YAML, allowing the signal used to stop containers to be specified (#25389).
- podman artifact suite of commands for interacting with OCI artifacts is now available in the remote Podman client and the bindings for the REST API.
- podman volume import and podman volume export commands are now available in the remote Podman client (#26049).
- --build-context option to podman build is now supported by the remote Podman client (#23433).
- podman volume create command now accepts two new options, --uid and --gid, to set the UID and GID the volume will be created with.
- podman secret create command now has a new option, --ignore, causing the command to succeed even if a secret with the given name already exists.
- podman pull command now has a new option, --policy, to configure pull policy.
- --mount type=artifact option to podman create, podman run, and podman pod create now allows the filename of the artifact in the container to be set using the name= option (e.g. podman run --mount type=artifact,name=$NAME,...).
- --tmpfs option to podman create and podman run now allows a new option, noatime, to be passed (e.g. podman run --tmpfs /run:noatime ...)
(#26102).
- podman update command now has a new option, --latest, to update the latest container instead of specifying a specific container (#26380).
- podman buildx inspect, has been added to improve Docker compatibility (#13014).
- podman machine VMs has been disabled by default due to issues with newer Linux kernels. These issues have been addressed in the Tahoe beta, and we plan on re-enabling support for Rosetta in a future Podman release once the fix is in wider circulation. You can find more details here.
- podman artifact suite of commands for interacting with OCI artifacts is now considered stable.
- podman machine VMs using the libkrun provider on an M3 or newer host running macOS 15+, nested virtualization is enabled by default.
- podman machine VMs on Windows using the WSL v2 provider, images are now pulled as artifacts from quay.io/podman/machine-os, matching the behavior of other VM providers.
- --sig-proxy option to podman run and podman attach is now more robust to races and no longer forwards the SIGSTOP signal.
- podman system check --quick command now skips checking layer digests.
- C:\Program Files\Windows Subsystem for Linux\wsl.exe over the one in WindowsApps, avoiding common “access denied” issues (#25787).
- --mount type=artifact option to podman create, podman run, and podman pod create now mounts artifacts containing only a single blob as a file at the given destination path if the path does not exist in the image.
- podman volume export command now refuses to export to STDOUT if it is a TTY (#26506).
- User=, Group=, and DynamicUser= in the [Service] section of a unit, Quadlet will now warn the user of the potential incompatibility (#26543).
- --security-opt unmask= option to podman create and podman run did not allow comma-separated lists of paths to be passed, instead only allowing a single path.
- podman machine init could fail if run in a Podman container (#25950).
- podman machine VMs would sometimes receive incorrect timezone information.
- podman machine VMs created with a
custom username would not have lingering enabled.
- podman machine init command on Windows when using the WSL 2 provider did not reliably determine if WSL was installed (#25523).
- .pod units that did not specify the PodName= key was set incorrectly (#26062).
- .container units joining a pod specified in a .pod unit would fail as the pod name was set incorrectly when creating the container (#26105).
- RequiresMountsFor when mounting a .volume unit with Type=bind set into a container (#26125).
- .pod files did not include the last Environment= key in the [Service] section in the generated systemd service (#26521).
- --hooks-dir would fail to run when containers were restarted (#17935).
- --mount option to podman create and podman run required the type= option to be specified, instead of defaulting to volume when it was not present (#26101).
- podman kube play command would fail on Windows when specifying an absolute path to YAML files (#26350).
- --security-opt seccomp= option to podman create, podman run, and podman pod create could error on Windows when given a path to a Seccomp profile (#26558).
- --blkio-weight-device, --device-read-bps, --device-write-bps, --device-read-iops, and --device-write-iops options to podman create and podman run incorrectly accepted non-block devices.
- podman build command handled the --ignorefile option differently from the buildah bud command (#25746).
- podman rm -f command could return an error when trying to remove a running container whose conmon process had been killed (#26640).
- podman inspect command did not correctly display log size for containers when log_size_max was set in containers.conf.
- GET /libpod/artifacts/{name}/json), listing all artifacts (GET /libpod/artifacts/json), pulling an artifact (POST /libpod/artifacts/pull), removing an artifact (DELETE /libpod/artifacts/{name}), adding an artifact (or appending to an existing artifact) from a tar file in the request body (POST /libpod/artifacts/add), pushing an artifact to a registry
(/libpod/artifacts/{name}/push), and retrieving the contents of an artifact (GET /libpod/artifacts/{name}/extract).
- HostConfig.CgroupnsMode, to specify the cgroup namespace mode of the created container.
- base_hosts_file option in containers.conf.
- DefaultAddressPools.
- BuilderSize field.
- Builder-Version to 1 to match Docker installs that do not include BuildKit.
- shared-size field unconditionally, even if the shared-size query parameter was not set to true. If not requested through query parameter, it is set to -1. This improves Docker API compatibility.
- VirtualSize field when Docker API version 1.44 and up is requested.
- FORCE parameter was set to true; Docker only removes stopped containers (#25871).
- application/json responses would be HTML escaped, mutating some responses (e.g. `<missing>` becoming `\u003cmissing\u003e` in image history responses) (#17769).
- podman stop/podman pod stop.
- libsqlite3 build tag to force this behavior when not using the Makefile to build.
- podman machine was, by default, not validated, allowing connections to servers with invalid certificates by default and potentially allowing a Man in the Middle attack.
- `/` could overmount important directories such as /proc causing start and/or runtime failures due to an issue with mount ordering (#26161).
- .pod units could fail to start due to their storage not being mounted (#26190).
- resolv.conf (#24713).
- --dns-opt option to podman create, podman run, and podman pod create would append options to the container's resolv.conf, instead of replacing them (#22399).
- podman kube play command would add an empty network alias for containers created with no name specified, causing Netavark to emit extraneous warnings.
- podman system df command would panic when one or more containers were created using a root filesystem (the --rootfs option to podman create and podman run) instead of from an image (#26224).
- log_tag field in containers.conf would override the --log-opt tag=value option to podman create and podman run (#26236).
- podman volume
rm and podman volume inspect commands would incorrectly handle volume names containing the `_` character when the SQLite database backend was in use (#26168).
- `-v source:destination:O`) (#25988).
- `-1` were causing errors, instead of being interpreted as the maximum possible value (#24886).
- `[]` (an empty array) was ignored, instead of setting an empty entrypoint (#26078).
- podman machine cp, to copy files into a running podman machine VM.
- podman artifact extract, to copy some or all of the contents of an OCI artifact to a location on disk.
- --mount option to podman create, podman run, and podman pod create now supports a new mount type, --mount type=artifact, to mount OCI artifacts into containers.
- podman artifact add command now features two new options, --append (to add new files to an existing artifact) and --file-type (to specify the MIME type of the file added to the artifact) (#25884).
- podman artifact rm command now features a new option, --all, to remove all artifacts in the local store.
- --filter option to podman pause, podman ps, podman restart, podman rm, podman start, podman stop, and podman unpause now accepts a new filter, command, which filters on the first element (argv[0]) of the command run in the container.
- podman exec command now supports a new option, --cidfile, to specify the ID of the container to exec into via a file (#21256).
- podman kube generate and podman kube play commands now support a new annotation, io.podman.annotation.pids-limit/$containername, preserving the PID limit for containers across kube generate and kube play (#24418).
- .container units now support three new keys, Memory= (set maximum memory for the created container), ReloadCmd (execute a command via systemd ExecReload), and ReloadSignal (kill the container with the given signal via systemd ExecReload) (#22036).
- .container, .image, and .build units now support two new keys, Retry (number of times to retry pulling image on failure) and RetryDelay (delay between retries) (#25109).
- .pod units now
support a new key, HostName=, to set the pod's hostname (#25639).
- UpheldBy, in the Install section, corresponding to the systemd Upholds option.
- Wants=my.container is now valid.
- --cdi-spec-dir, to specify additional search paths for CDI specs to the CDI loader (#18292 and #25691).
- podman build command now supports a new option, --inherit-labels (defaults to true), which controls whether labels are inherited from the base image or base stages.
- podman update command now supports two new options, --env and --unsetenv, to alter the environment variables of existing containers (#24875).
- containers.Commit() function now returns a new struct (types.IDResponse) with identical contents, and the containers.ExecCreate function's handlers.ExecCreateConfig parameter now contains a different embedded struct, potentially requiring changes to how it is assigned to.
- stopped, which is reported if the container the healthcheck was run on stopped before the check could be completed (#25276).
- podman machine VMs with a host mount over the VM's /tmp directory is no longer allowed (#18230).
- podman logs command now allows options to be specified after the container name (e.g. podman logs $containername --follow) (#25653).
- catatonit binary will be used (#23292).
- podman system reset command no longer removes the user's podman.sock API socket.
- dns.podman added.
Queries resolving such names will still work.
- .network unit will now delete the network (if no containers are actively using it) (#23678).
- /proc/interrupts and /sys/devices/system/cpu/$CPU/thermal_throttle paths are now masked by default in containers (#25634).
- CAP_SYS_ADMIN (#25241).
- podman exec command would not add the additional groups of the user the exec session was run as unless the user was explicitly added with the --user option (#25610).
- podman network connect and podman network disconnect commands could create errors in the database which would cause podman inspect on the container to fail.
- podman kube generate command did not correctly generate YAML for volume mounts using a subpath.
- podman system df command could show a negative reclaimable size.
- podman machine VM that was not podman-machine-default (the default VM) with the podman machine ssh command would put the user into the rootless shell (#25332).
- podman machine init would report nonsensical memory values in error messages when trying to create a machine with more memory than the system.
- podman start --attach command would incorrectly print an error when run on a container created with the --rm option (#25965).
- podman pull command could hang and leak memory if the server was unexpectedly stopped or encountered an error during a pull.
- podman cp command would, on Windows, often fail to copy files into the container due to improper handling of Windows paths (#14862).
- podman container clone command did not correctly copy healthcheck settings to the new container (#21630).
- podman kube play command would fail to start empty pods (#25786).
- podman volume ls command did not output headers when no volumes were present (#25911).
- --health-cmd option was specified when creating the container (#20212).
- --user option to podman create and podman run could not be used with users added to the container by the --hostuser option (#25805).
- podman system reset command on FreeBSD would incorrectly print an error.
- podman machine start
command with SIGINT could result in machine state being incorrectly set to "Starting" (#24416).
- podman machine start command would fail when starting a VM with volume mounts containing spaces using the HyperV machine provider (#25500).
- ExecStartAndAttach() function in the Go bindings for the REST API have been silenced, where the function would incorrectly report errors when stdin was consumed after the exec session was stopped (#25344).
- podman import command could not import images compressed with algorithms other than gzip (#25593).
- podman cp command could deadlock when copying into a non-empty volume on a container that is not running (#25585).
- --pid-limit=-1 option did not function properly with containers using the runc OCI runtime.
- podman artifact pull command did not respect the --retry-delay option.
- podman wait command would sometimes error when waiting for a container set to auto-remove.
- .kube units would not report an error (and stay running) even when a pod failed to start (#20667).
- podman artifact suite of commands, including add, inspect, ls, pull, push, and rm. This support is very early and not fully complete, and the command line interface for these tools has not been finalized. We welcome feedback on the new artifact experience through our issue tracker!
- podman update command now supports a wide variety of options related to healthchecks (including --health-cmd to define a new healthcheck and --no-healthcheck to disable an existing healthcheck), allowing healthchecks to be added to, removed from, and otherwise updated on existing containers.
You can find full details on the 15 added options in the manpage.
- --mount type=volume option for the podman run, podman create, and podman volume create commands now supports a new option, subpath=, to make only a subset of the volume visible in the container (#20661).
- --userns=keep-id option for the podman run, podman create, and podman pod create commands now supports a new option, --userns=keep-id:size=, to configure the size of the user namespace (#24387).
- podman kube play command now supports Container Device Interface (CDI) devices (#17833).
- podman machine init command now supports a new option, --playbook, to run an Ansible playbook in the created VM on first boot for initial configuration.
- .pod files now support a new field, ShmSize, to specify the size of the pod's shared SHM (#22915).
- podman run, podman create, and podman pod create commands now support a new option, --hosts-file, to define the base file used for /etc/hosts in the container.
- podman run, podman create, and podman pod create commands now support a new option, --no-hostname, which disables the creation of /etc/hostname in the container (#25002).
- podman network create command now supports a new option for bridge networks, --opt mode=unmanaged, which allows Podman to use an existing network bridge on the system without changes.
- --network option to podman run, podman create, and podman pod create now accepts a new option for bridge networks, host_interface_name, which specifies a name for the network interface created outside the container.
- podman manifest rm command now supports a new option, --ignore, to not error when removing manifests that do not exist.
- podman system prune command now supports a new option, --build, to remove build containers leftover from prematurely terminated builds.
- podman events command now generates events for the creation and removal of networks (#24032).
- `:` as a character to define comments.
This was a mistake; developer intent and documentation were that `#` and `;` were to be used as comment characters instead, matching systemd. This has been corrected, and semicolons now define comments instead of colons.
- zstd:chunked images now only happen for images that have a RootFS.DiffID entry in the image's OCI config JSON, and require the layer contents to match. This resolves issues with image ID ambiguity when partial pulls were enabled.
- BUILD_ORIGIN environment variable when building podman from the Makefile. This provides information on who built the Podman binary, and is displayed in podman version and podman info. This will help upstream bug reports, allowing maintainers to trace how and where the binary was built and installed from.
- podman machine VMs on WSL could fail to start when using usermode networking due to a port conflict (#20327).
- podman build command did not honor the no_pivot_root setting from containers.conf (#24546).
- podman cp was used to copy into a fresh volume in a container that had never been started.
- podman cp to copy into a named volume requiring a mount (image volumes, volumes backed by a volume plugin, or other volumes with options) would fail when the container being copied into was stopped.
- CAP_SYS_RESOURCE (#24692).
- podman stats --all command would fail if a container started with --cgroups=none was present (#24632).
- podman info command would only return details on one image store even if additional image stores were configured in storage.conf.
- podman update command could reset resource limits that were not being modified to default (#24610).
- podman update command could not update resource limits on devices mounted into the container (#24734).
- podman manifest annotate command could panic when the --index option was used (#24750).
- /etc/containers/systemd/users/ (#24783).
- podman generate kube could generate persistent volumes with mixed-case names or names containing an underscore, which are not supported by Kubernetes
(#16542).
- ptmxmode option to --mount type=devpts did not function.
- .exe in the executable name, breaking completion on some shells.
- podman inspect on containers did not include the ID of the network the container was joined to, improving Docker compatibility (#24910).
- libkrun backend for VMs on Intel Macs (libkrun only supports Arm systems).
- libkrun and applehv VMs from podman machine could be started at the same time on Macs (#25112).
- podman exec commands could not detach from the exec session using the detach keys (#24895).
- nohosts, which (when set to true) does not create /etc/hosts in the image when building.
- docker compose (#19338).
- podman-restart.service functioned incorrectly when no containers were present.
- .build files could create an invalid podman command line when Pull= was used (#24599).
- --ignition-path option to podman machine init would prevent creation of necessary files for the VM, rendering it unusable (#23544).
- bridge networking mode would be unable to start due to a panic caused by a nil pointer dereference (#24566).
- podman kube generate and podman kube play commands can now create and run Kubernetes Job YAML (#17011).
- podman kube generate command now includes information on the user namespaces for pods and containers in generated YAML.
The podman kube play command uses this information to duplicate the user namespace configuration when creating new pods based on the YAML.
- podman kube play command now supports Kubernetes volumes of type image (#23775).
- ServiceName key in all supported Quadlet files (#23414).
- network-online.target via a new key, DefaultDependencies, supported by all Quadlet files (#24193).
- .container and .pod files now support a new key, AddHost, to add hosts to the container or pod.
- PublishPort key in Quadlet .container and .pod files can now accept variables in its value (#24081).
- .container files now support two new keys, CgroupsMode and StartWithPod, to configure cgroups for the container and whether the container will be started with the pod it is part of (#23664 and #24401).
- .container files can now use the network of another container by specifying the .container file of the container to share with in the Network key.
- .container files can now mount images managed by .image files into the container by using the Mount=type=image key with a .image target.
- .pod files now support six new keys, DNS, DNSOption, DNSSearch, IP, IP6, and UserNS, to configure DNS, static IPs, and user namespace settings for the pod (#23692).
- .image files can now give an image multiple times by specifying the ImageTag key multiple times (#23781).
- /run/containers/systemd directory as well as existing directories like $HOME/containers/systemd and /etc/containers/systemd/users.
- podman manifest inspect command now includes the manifest's annotations in its output.
- podman inspect command for containers now includes a new field, HostConfig.AutoRemoveImage, which shows whether a container was created with the --rmi option set.
- podman inspect command for containers now includes a new field, Config.ExposedPorts, which includes all exposed ports from the container, improving Docker compatibility.
- podman inspect command for containers now includes a new field, Config.StartupHealthCheck, which shows the container's startup
healthcheck configuration.
- podman inspect command for containers now includes a new field in Mounts, SubPath, which contains any subpath set for image or named volumes.
- podman machine list command now supports a new option, --all-providers, which lists machines from all supported VM providers, not just the one currently in use.
- podman machine on Windows will now provide API access by exposing a Unix socket on the host filesystem which forwards into the VM (#23408).
- podman buildx prune and podman image prune commands now support a new option, --build-cache, which will also clean the build cache.
- --add-host option to podman create, podman run, and podman pod create now supports specifying multiple hostnames, semicolon-separated (e.g. podman run --add-host test1;test2:192.168.1.1) (#23770).
- podman run and podman create commands now support three new options for configuring healthcheck logging: --health-log-destination (specify where logs are stored), --health-max-log-count (specify how many healthchecks worth of logs are stored), and --health-max-log-size (specify the maximum size of the healthcheck log).
- --map-guest-addr option by default which is used for the host.containers.internal entry in /etc/hosts to allow containers to reach the host by default (#19213).
- -infra (#23665).
- podman system connection add command now respects HTTP path prefixes specified with tcp:// URLs.
- https_proxy) declared in containers.conf no longer escape special characters in their values when used with podman machine VMs (#23277).
- podman images --sort=repository command now also sorts by image tag, guaranteeing deterministic output ordering (#23803).
- podman machine VM running and second rootful podman machine VM initialized, and the rootless VM is removed, the connection to the second, rootful machine now becomes the default as expected (#22577).
- podman inspect on a container the secret is used in (#23788).
- podman-user-wait-network-online.service, instead of the user session's nonfunctional
network-online.target.
- podman ps are now correctly grouped and deduplicated when they are also published (#23317).
- RemainAfterExit=yes by default.
- --build-context option to podman build did not function properly on Windows, breaking compatibility with Visual Studio Dev Containers (#17313).
- SecurityLabelDisable or SecurityLabelNested keys were used (#23432).
- PODMAN_COMPOSE_WARNING_LOGS environment variable did not suppress warnings printed by podman compose that it was redirecting to an external provider.
- podman container cleanup command was run on a container in the process of being removed, an error could be printed.
- /etc/containers/systemd/users/ would be loaded for root as well when /etc/containers/systemd was a symlink (#23483).
- podman stop command would, if called with --cidfile pointing to a non-existent file and the --ignore option set, stop all containers (#23554).
- podman wait would exit only after 20 seconds when run on a container which rapidly exits and is then restarted by the on-failure restart policy.
- podman volume rm and podman run -v could deadlock when run simultaneously on the same volume (#23613).
- podman mount on a container in the process of being created could cause a nonsensical error indicating the container already existed (#23637).
- podman stop command could deadlock when run on containers with very large annotations (#22246).
- podman machine stop command could segfault on Mac when a VM failed to stop gracefully (#23654).
- podman stop command would not ensure containers created with --rm were removed when it exited (#22852).
- --rmi option to podman run did not function correctly with detached containers.
- podman inspect on a container on FreeBSD would emit an incorrect value for the HostConfig.Device field, breaking compatibility with the Ansible Podman module.
- --cgroup-parent option (#23780).
- podman build -v command did not properly handle Windows paths passed as the host directory.
- podman run command could sometimes fail to retrieve a container's exit code
for containers run with the --rm option.
- podman machine on Windows could fail to run VMs for certain usernames containing special characters.
- RemapUsers=keep-id when run as root.
- Service section of Quadlet files would only use defaults and not respect user input (#24322).
- podman volume ls would sometimes fail when a volume was removed at the same time it was run.
- --tz=local option could not be used when the TZDIR environment variable was set.
- application/x-tar compressed context directories (#24015).
- podman system service via a socket-activated systemd service (#24152).
- podman machine start has been improved when trying to start a machine when another is already running (#23436).
- $XDG_CONFIG_HOME/containers/nodocker when considering whether it should print its warning message that Podman is in use.
- contrib/systemd/system directory in the repo for consistency with our other unit files.
- RUN --mount type=cache arguments to a Dockerfile being built.
- /etc/passwd or /etc/group to potentially cause a denial of service through reading a FIFO on the host.
- RUN --mount arguments to a Dockerfile being built.
- pasta network mode.
- :idmap mount option was used.
- /home (#23515).
- libkrun as a backend for creating virtual machines on MacOS. The libkrun backend has the advantage of allowing GPUs to be mounted into the virtual machine to accelerate tasks.
The default backend remains applehv.
- .build files, which allows images to be built by Quadlet and then used by Quadlet containers.
- .container files now support two new fields, LogOpt to specify container logging configuration and StopSignal to specify container stop signal (#23050).
- .container and .pod files now support a new field, NetworkAlias, to add network aliases.
- container.d, pod.d) and truncated unit drop-ins (unit-.container.d) (#23158).
- podman system check, which will identify (and, if possible, correct) corruption within local container storage.
- podman machine reset command will now reset all providers available on the current operating system (e.g. ensuring that both HyperV and WSL podman machine VMs will be removed on Windows).
- .image units now have a dependency on network-online.target (#21873).
- --device option to podman create and podman run is no longer ignored when --privileged is also specified (#23132).
- podman start and podman stop commands no longer print the full ID of the pod started/stopped, but instead the user's input used to specify the pod (e.g. podman pod start b will print b instead of the pod's full ID) (#22590).
- podman machine on Linux now use virtiofs instead of 9p for mounting host filesystems. Existing mounts will be transparently changed on machine restart or recreation. This should improve performance and reliability of host mounts.
This requires the installation of virtiofsd on the host system to function.
- --squash and --layers=false options to podman build at the same time is now allowed.
- --volume-driver option to podman machine init is now deprecated.
- --sdnotify=healthy option could panic when started (#22651).
- --sdnotify=healthy option that exited quickly would sometimes return an error instead of notifying that the container was ready (#22760).
- podman system reset command did not remove the containers/image blob cache (#22825).
- --cgroups=disabled option was specified at container creation time (#20910).
- /etc/hosts file in a container was not created with a newline at the end of the file (#22729).
- podman start command could sometimes panic when starting a container in the stopped state.
- podman system renumber command would fail if volumes existed when using the sqlite database backend (#23052).
- podman container restore command could not successfully restore a container in a pod.
- podman diff would suggest using the --latest option when using the remote Podman client (#23038).
- podman events command was rarely unable to report errors that occurred (#23165).
- --cidfile option.
- podman run and podman start commands could throw strange errors if another Podman process stopped the container at a midpoint in the process of starting (#23246).
- podman system service command could leak a mount on termination.
- podman images (#23120).
- podman auto-update and podman system df commands could fail when a container was removed while the command was running (#23279).
- podman machine init command could panic when trying to decompress an empty file when preparing the VM image (#23281).
- podman ps --pod and podman pod stats commands could sometimes fail when a pod was removed while the command was running (#23282).
- podman stats and podman pod stats commands would sometimes exit with a container is stopped error when showing all containers (or pod containers, for pod stats) if a container stopped while the command was running
(#23334).
- podman play kube command could sometimes not properly clean up their network stacks (#21569).
- podman build command when the -f option is given, but points to a file that does not exist, have been improved (#22940).
- podman machine volumes into the virtual machine when using the Apple hypervisor (#22569).
- podman top would show the incorrect UID for processes in containers run in a user namespace (#22293).
- /etc/hosts and /etc/resolv.conf files in a container would be empty after restoring from a checkpoint (#22901).
- --pod-id-file argument to podman run and podman create did not respect the pod's user namespace (#22931).
- CONTAINER_CONNECTION environment variable would lead to a panic.
- podman machine using the Apple hypervisor now wait 90 seconds before forcibly stopping the VM, matching the standard systemd shutdown timeout (#22515).
- podman machine on macOS with Apple silicon can now use Rosetta 2 (a.k.a Rosetta) for high-speed emulation of x86 code. This is enabled by default. If you wish to change this option, you can do so in containers.conf.
- podman update command are now persistent, and will survive container restart and be reflected in podman inspect.
- podman update command now includes a new option, --restart, to update the restart policy of existing containers.
- .container files now support a new key, GroupAdd, to add groups to the container.
- podman inspect.
- podman run --mount type=image,...
now support a new option, subpath, to mount only part of the image into the container.
- healthcheck_events, has been added to containers.conf under the [engine] section to allow users to disable the generation of health_status events to avoid spamming logs on systems with many healthchecks.
- io.podman.annotations.kube.image.automount/$CTRNAME annotation (where $CTRNAME is the name of the container they will be mounted into).
- podman info command now includes the default rootless network command (pasta or slirp4netns).
- podman ps command now shows ports from --expose that have not been published with --publish-all to improve Docker compatibility.
- podman container runlabel command now expands $HOME in the label being run to the user's home directory.
- podman network list, has been added to the podman network ls command.
- podmansh can now be set in containers.conf.
- podman-setup.exe Windows installer now provides 3 new CLI variables, MachineProvider (choose the provider for the machine, windows or wsl, the default), HyperVCheckbox (can be set to 1 to install HyperV if it is not already installed or 0, the default, to not install HyperV), and SkipConfigFileCreation (can be set to 1 to disable the creation of configuration files, or 0, the default).
- podman kube play that does not include an imagePullPolicy and does not set a tag for the image, the image is now always pulled (#21211).
- podman kube play, pod-level restart policies are now passed down to individual containers within the pod (#20903).
- --runroot global option can now accept paths with lengths longer than 50 characters (#22272).
- podman update command now emits an event.
- --userns=keep-id:uid=0 option to podman create and podman run would generate incorrect UID mappings and cause the container to fail to start (#22078).
- podman stats could report inaccurate percentages for very large or very small values (#22064).
- rbind instead of bind, meaning recursive mounts were allowed by default (#22107).
- podman machine rm -f command would fail
to remove Hyper-V virtual machines if they were running.
- podman ps --sync command could sometimes fail to properly update the status of containers.
- :idmap option would sometimes be inaccessible with rootless Podman (#22228).
- :U option would have their ownership changed to the owner of the directory in the image being mounted over (#22224).
- --force option did not work when multiple arguments were given to the command and one of them did not exist (#21529).
- pause.pid file in an incorrect directory (#22327).
- containers.conf (#22561).
- podman kube down command would not respect the StopTimeout and StopSignal of containers that it stopped (#22397).
- podman stop finished stopping the container (#19629).
- podman farm build command would not update manifests on the registry that were already pushed (#22647).
- argv[0] that is not a valid command path, as might happen when used in podmansh (#22672).
- podman machine connection URIs could be incorrect after an SSH port conflict, rendering machines inaccessible.
- podman events command would not print an error if incorrect values were passed to its --since and --until options.
- host.containers.internal entry could be added when running rootless containers using the bridge network mode (#22653).
- podman machine on Darwin systems when --log-level=debug is used.
- EXTRA_BUILD_TAGS environment variable.
- podman machine start would fail if the machine had a volume with a long target path (#22226).
- podman machine start mounted volumes with paths that included dashes in the wrong location (#22505).
- :z or :Z volume mount options on a directory with read only files (#19852).
- podman machine VMs required an SSH client be installed on the system (#22075).
- podman build command from working properly when connecting from a rootless client to a rootful server (#22109).
- podman machine now fails immediately if admin privileges are not available (previously, it would only fail when it reached operations that required admin privileges).
- podman machine can now use the native Apple
hypervisor (applehv) when run on MacOS.
- podman machine reset, which will remove all existing podman machine VMs and relevant configurations.
- podman manifest add command now supports a new --artifact option to add OCI artifacts to a manifest list.
- podman create, podman run, and podman push commands now support the --retry and --retry-delay options to configure retries for pushing and pulling images.
- podman run and podman exec commands now support a new option, --preserve-fd, which allows passing a list of file descriptors into the container (as an alternative to --preserve-fds, which passes a specific number of file descriptors).
- podman kube play command can now create image-based volumes using the volume.podman.io/image annotation.
- podman kube play can now include volumes from other containers (similar to the --volumes-from option) using a new annotation, io.podman.annotations.volumes-from (#16819).
- podman kube play can now set user namespace options through the io.podman.annotations.userns annotation in the pod definition (#20658).
- containers.conf field interface_name (#21313).
- --gpus option to podman create and podman run is now compatible with Nvidia GPUs (#21156).
- --mount option to podman create and podman run supports a new mount option, no-dereference, to mount a symlink (instead of its dereferenced target) into a container (#20098).
- --config, to point to a Docker configuration where we can source registry login credentials.
- podman ps --format command now supports a new format specifier, .Label (#20957).
- uidmapping and gidmapping options to the podman run --userns=auto option can now map to host IDs by prefixing host IDs with the @ symbol.
- .pod unit files (#17687).
- Entrypoint and StopTimeout, in .container files (#20585 and #21134).
- Ulimit key multiple times in .container files to set more than one ulimit on a container.
- Notify key to healthy in .container files, to only sdnotify that a container has started when its health check begins passing (#18189).
- podman machine
commands has seen extensive rewrites. Configuration files have changed format and VMs from Podman 4.x and earlier are no longer usable. podman machine VMs must be recreated with Podman 5.
- podman machine init command now pulls images as OCI artifacts, instead of using HTTP. As a result, a valid policy.json file is required on the host. Windows and Mac installers have been changed to install this file.
- podman machine on Mac. Instead, the native Apple hypervisor is supported.
- ConfigPath and Image fields are no longer provided by the podman machine inspect command. Users can also no longer use {{ .ConfigPath }} or {{ .Image }} as arguments to podman machine inspect --format.
- podman inspect for containers has seen a number of breaking changes to improve Docker compatibility, including changing Entrypoint from a string to an array of strings and StopSignal from an int to a string.
- podman inspect command for containers now returns nil for healthchecks when inspecting containers without healthchecks.
- podman pod inspect command now outputs a JSON array regardless of the number of pods inspected (previously, inspecting a single pod would omit the array).
- PODMAN_IGNORE_CGROUPSV1_WARNING environment variable can be set to suppress warnings.
- slirp4netns to pasta for improved performance.
As a result, networks named pasta are no longer supported.
- --image option replaces the now deprecated --image-path option for podman machine init.
- podman events --format "{{json .}}" has been changed to improve Docker compatibility, including the time and timeNano fields (#14993).
- podman machine VMs and the username used within the VM are now validated and must match this regex: [a-zA-Z0-9][a-zA-Z0-9_.-]*.
- --annotation to podman manifest annotate and podman manifest add, the --configmap, --log-opt, and --annotation options to podman kube play, the --pubkeysfile option to podman image trust set, the --encryption-key and --decryption-key options to podman create, podman run, podman push and podman pull, the --env-file option to podman exec, the --blkio-weight-device, --device-read-bps, --device-write-bps, --device-read-iops, --device-write-iops, --device, --label-file, --chrootdirs, --log-opt, and --env-file options to podman create and podman run, and the --hooks-dir and --module global options.
- podman system reset command no longer waits for running containers to gracefully stop, and instead immediately sends SIGKILL (#21874).
- podman network inspect command now includes running containers using the network in its output (#14126).
- podman compose command is now supported on non-AMD64/ARM64 architectures.
- podman machine will now pass HTTP proxy environment variables into the VM for all providers.
- --no-trunc option to the podman kube play and podman kube generate commands has been deprecated. Podman now complies with the Kubernetes specification for annotation size, removing the need for this option.
- DOCKER_HOST environment variable will be set by default for rootless users when podman-docker is installed.
- podman system connection and farms from podman farm are now written to a new configuration file called podman-connections.conf. As a result, Podman no longer writes to containers.conf.
Existing connections from containers.conf will still be respected.
- podman farm subcommands (save for podman farm build) no longer need to connect to the machines in the farm to run.
- podman create and podman run commands no longer require specifying an entrypoint on the command line when the container image does not define one. In this case, an empty command will be passed to the OCI runtime, and the resulting behavior is runtime-specific.
- podman machine VMs on Mac is now system_u:object_r:nfs_t:s0 so that it can be shared with all containers without issue.
- podman machine will now share a single SSH key for access. As a result, podman machine rm --save-keys is deprecated as the key will persist by default.
- podman stats command would not show network statistics when the pasta network mode was used.
- podman machine VMs using the HyperV provider could not mount shares on directories that did not yet exist.
- podman compose command did not respect the --connection and --url options.
- podman stop -t -1 command would wait for 0 seconds, not infinite seconds, before sending SIGKILL (#21811).
- slirp4netns network mode was used with a restart policy of always or unless-stopped or on-failure and a user namespace (#21477).
- docker.sock symlink (#20650).
- podman image scp command could fail if there was not sufficient space in the destination machine's /tmp for the image (#21239).
- podman inspect (#13102).
- podman kube play did not create memory-backed emptyDir volumes using a tmpfs filesystem.
- --rm were sometimes not removed after a reboot (#21482).
- podman events command using the remote Podman client did not display the network name associated with network events (#21311).
- podman farm build did not properly handle the --tls-verify option and would override server defaults even if the option was not set by the user (#21352).
- podman inspect command could segfault on FreeBSD (#21117).
- .container file with certain types of trailing whitespace (#21109).
- bind-mount-options key (#21080).
- .container files
(#20992).
- --publish-all option to podman kube play did not function when used with the remote Podman client.
- podman kube play --build command could not build images whose Dockerfile specified an image from a private registry with a self-signed certificate in a FROM directive (#20890).
- /libpod/images/$name/resolve, has been added to resolve a (potential) short name to a list of fully-qualified image references which could be used to pull the image.
- /etc/hosts were copied into created containers, resulting in incompatibility with network aliases.
- podman container commit command now features a --config option which accepts a filename containing a JSON-encoded container configuration to be merged into the newly-created image.
- --rootful option to podman machine set would not set the machine to use the root connection (#21195).
- euid != 0 and capabilities set (#20766).
- podman info command would crash if called multiple times when podman was running as euid=0 without CAP_SYS_ADMIN (#20908).
- podman machine commands were not relayed to the correct machine on AppleHV (#21115).
- podman machine list and podman machine inspect commands would not show the correct Last Up time on AppleHV (#21244).
- podman farm suite of commands for multi-architecture builds is now fully enabled and documented.
- podman machine did not forward the API socket to the host machine.
- podman kube play could cause Podman to panic.
- podman system reset could fail if non-Podman containers (e.g. containers created by Buildah) were present.
- podman machine VMs now default to a PID limit of unlimited, instead of 2048.
- podman kube play --replace, the pod is removed on the client side, not the server side (#20705).
- podman machine rm -f would cause a deadlock when running with WSL.
- database is locked errors with the new sqlite database backend (#20809).
- podman-remote exec would fail if the server API version is older than 4.8.0 (#20821).
- CONTAINERS_MACHINE_PROVIDER environment variable, or via containers.conf.
HyperV requires Powershell to be run as Admin. Note that running WSL and HyperV machines at the same time is not supported.
- podman build command now supports Containerfiles with heredoc syntax.
- podman login and podman logout commands now support a new option, --compat-auth-file, which allows for editing Docker-compatible config files (#18617).
- podman machine init and podman machine set commands now support a new option, --usb, which allows USB passthrough for the QEMU provider (#16707).
- --ulimit option now supports setting -1 to indicate the maximum limit allowed for the current process (#19319).
- podman play kube command now supports the BUILDAH_ISOLATION environment variable to change build isolation when the --build option is set (#20024).
- podman volume create command now supports --opt o=size=XYZ on tmpfs file systems (#20449).
- podman info command for remote calls now reports client information even if the remote connection is unreachable.
- privileged, to containers.conf, which sets the defaults for the --privileged flag when creating, running or exec'ing into a container.
- podman kube play command now supports setting DefaultMode for volumes (#19313).
- --opt option to the podman network create command now accepts a new driver specific option, vrf, which assigns a VRF to the bridge interface.
- --rdt-class=COS has been added to the podman create and podman run commands that enables assigning a container to a Class Of Service (COS).
The COS has to be pre-configured based on a pseudo-filesystem created by the resctrl kernel driver that enables interacting with the Intel RDT CAT feature.
- podman kube play command now supports a new option, --publish-all, which exposes all containerPorts on the host.
- label!=, which filters for containers without the specified label.
- containers.conf settings when creating and managing containers.
- --help option to the podman push command now shows the compression algorithm used.
- commit command now shows progress messages (#19947).
- podman kube play command now sets the pod hostname to the node/machine name when hostNetwork=true in k8s yaml (#19321).
- --tty,-t option to the podman exec command now defines the TERM environment variable even if the container is not running with a terminal (#20334).
- helper_binaries_dir option in containers.conf to look up the init binary (catatonit).
- applehv, qemu, wsl, and hyperv are no longer valid Podman machine names.
- UIDMap, GIDMap, SubUIDMap, and SubGIDMap options in .container files.
- ReadOnlyTmpfs option.
- ImageName for .image files.
- --force, to the stop command.
- oneshot service type for .kube files, which allows yaml files without containers.
- .image.
- --uts and --network options to host did not fill /etc/hostname with the host's name (#20448).
- build command would incorrectly parse https paths (#20475).
- podman exec command would leak sessions when the specified command does not exist (#20392).
- podman history command did not display the size of certain layers (#20375).
- --restart always/on-failure would not correctly clean up the netns on restart, resulting in leaked IPs and network namespaces (#18615).
- podman top command would incorrectly parse options (#19176).
- --read-only-tmpfs option to the podman run command was incorrectly handled when the --read-only option was set (#20225).
- --filter option to the podman images command would not correctly filter ids,
digests, or intermediates (#19966).
- --replace option to the podman run command would print both the old and new container ID. Now, only the new container ID is printed.
- podman machine ls command would show Creation time as LastUp time for machines that have never been booted. Now, new machines show Never, with the json value being ZeroTime.
- podman build command where the default pull policy was not set to missing (#20125).
- containers.conf would lead to cleanup errors (#19938).
- podman kube play command exposed all containerPorts on the host (#17028).
- podman farm update command did not verify farm and connection existence before updating (#20080).
- --connection option while the CONTAINER_HOST environment variable was set. The active destination is not resolved with the correct priority, that is, CLI flags, env vars, ActiveService from containers.conf, RemoteURI (#15588).
- --env-host option was not honoring the default from containers.conf.
- podman compose command.
- podman compose to try all configured providers before throwing an error (#20502).
- podman farm [create,list,remove,update] has been created to "farm" out builds to machines running Podman for different architectures.
- podman compose as a thin wrapper around an external compose provider such as docker-compose or podman-compose.
- podman run --device is now supported.
- --module flag for Podman.
- podmansh_timeout option in containers.conf.
- podman build command now supports two new options: --layer-label and --cw.
- podman kube generate command now supports generation of k8s DaemonSet kind (#18899).
- podman kube generate and podman kube play commands now support the k8s TerminationGracePeriodSeconds field (RH BZ#2218061).
- podman kube generate and podman kube play commands now support securityContext.procMount: Unmasked (#19881).
- podman generate kube command now supports a --podman-only flag to allow podman-only reserved annotations to be used in the generated YAML file.
These annotations cannot be used by Kubernetes.
- podman kube generate now supports a --no-trunc flag that supports YAML files with annotations longer than 63 characters. Warning: if an annotation is longer than 63 chars, then the generated yaml file is not Kubernetes compatible.
- io.podman.annotations.infra.name is added in the generated yaml when the pod create command has --infra-name set. This annotation can also be used with kube play when wanting to customize the infra container name (#18312).
- --uidmap and --gidmap has been extended to look up the parent user namespace and to extend default mappings (#18333).
- podman kube commands now support the List kind (#19052).
- podman kube play command now supports environment variables in kube.yaml (#15983).
- podman push and podman manifest push commands now support the --force-compression option to prevent reusing other blobs (#18860).
- podman manifest push command now supports --add-compression to push with compressed variants.
- podman manifest push command now honors the add_compression field from containers.conf if --add-compression is not set.
- podman run and podman create --mount commands now support the ramfs type (#19659).
- --add-host option now accepts the special string host-gateway instead of an IP Address, which will be mapped to the host IP address.
- podman generate systemd command is deprecated.
Use Quadlet for running containers and pods under systemd.
- podman secret rm command now supports an --ignore option.
- --env-file option now supports multiline variables (#18724).
- --read-only-tmpfs flag now affects /dev and /dev/shm as well as /run, /tmp, /var/tmp (#12937).
- --mount option now supports bind mounts passed as globs.
- --mount option can now be specified in containers.conf using the mounts field.
- podman stats now has an --all option to get all containers stats (#19252).
- --sdnotify=healthy policy where Podman sends the READY message once the container turns healthy (#6160).
- /var/tmp will automatically be cleaned up on reboot.
- since for podman volume ls and podman volume prune (#19228).
- podman inspect command now has tab-completion support ([#18672](https://github.com/containers/podman/issues/18672)).
- podman kube play command now has support for the use of reserved annotations in the generated YAML.
- podman secret inspect command supports a new option --showsecret which will output the actual secret.
- podman secret create now supports a --replace option, which allows you to modify secrets without replacing containers.
- podman login command can now read the secret for a registry from its secret database created with podman secret create ([#18667](https://github.com/containers/podman/issues/18667)).
- podman play kube command now works with the --userns option (#17392).
- /tmp and /var/tmp inside of a podman kube play will no longer be noexec.
- podman kube play has been improved to only pull a newer image for the "latest" tag (#19801).
- oci transport will use the optional name for naming the image.
- podman info command will always display the existence of the Podman socket.
- podman generate systemd.
- podman auto-update manpage and documentation has been updated and now includes references to Quadlet.
- Volume and Network units via the VolumeName and NetworkName directives, respectively.
- podman kill.
- podman rm -af could fail to remove containers under some circumstances (#18874).
- --hostuser was
being parsed in base 8 instead of base 10 (#19800).
- kube down would error when an object did not exist (#19711).
- podman exec to set umask to match the container it's execing into (#19713).
- podman kube play failed to set a container's Umask to the default 0022.
- podman top would sometimes not print the full output (#19504).
- podman logs --tail could return incorrect lines when the k8s-file logger is used (#19545).
- podman stop did not ignore cidfile not existing when user specified --ignore flag (#19546).
- --volumes-from option that used the same path could not be created (#19529).
- podman cp via STDIN did not delete temporary files (#19496).
- podman run --rmi did not remove the container (#15640).
- podman inspect to show a .NetworkSettings.SandboxKey path for containers created with --net=none (#16716).
- podman machine start using the QEMU provider (#18662).
- podman run and podman create where the command fails if the user specifies a non-existent authfile path (#18938).
- podman info output (#19340).
- .HostConfig.PublishAllPorts always evaluates to false when inspecting a container created with --publish-all.
- podman image trust command to allow using the local policy.json file (#19073).
- --syslog flag was not passed to the cleanup process.
- podman system df command should see a significant performance improvement (#19467).
- podman manifest inspect command now supports the --authfile option, for authentication purposes.
- podman wait command now supports --condition={healthy,unhealthy}, allowing waits on successful health checks.
- podman push command now supports a new option, --compression-level, which specifies the compression level to use (#18939).
- podman machine start command, when run with --log-level=debug, now creates a console window to display the virtual machine while booting.
- --imagestore, which allows images to be stored in a different directory than the graphroot.
- --ip-range option to the podman network create command now accepts a new syntax, <startIP>-<endIP>, which allows more flexibility
when limiting the ip range that Podman assigns.
- podmansh, has been added, which executes a user shell within a container when the user logs into the system. The container that the users get added to can be defined via a Podman Quadlet file. This feature is currently a Tech Preview which means it's ready for users to try out but changes can be expected in upcoming versions.
- podman network create command supports a new --option, bclim, for the macvlan driver.
- podman network create command now supports adding static routes using the --route option.
- podman network create command supports a new --option, no_default_route for all drivers.
- podman info command now prints network information about the binary path, package version, program version and DNS information (#18443).
- podman info command now displays the number of free locks available, helping to debug lock exhaustion scenarios.
- podman info command now outputs information about pasta, if it exists in helper_binaries_dir or $PATH.
- podman build command now accepts Containerfiles that are not in the context directory (#18239).
- podman play kube command now supports the --configmap option (#17513).
- podman kube play command now supports multi-doc YAML files for configmap arguments.
(#18537).
- podman pod create command now supports a new flag, --restart, which sets the restart policy for all the containers in a pod.
- --format={{.Restarts}} option to the podman ps command now shows the number of times a container has been restarted based on its restart policy.
- --format={{.Restarts}} option to the podman pod ps command now shows the total number of container restarts in a pod.
- CONTAINERS_MACHINE_PROVIDER environment variable, as well as via the provider field in containers.conf (#17116).
- containers.conf via pasta_options.
- podman machine init and podman machine set commands now support a new option, --user-mode-networking, which improves interops with VPN configs that drop traffic from WSL networking, on Windows.
- podman push command now supports the --digestfile option (#18216).
- --out, that allows redirection or suppression of STDOUT (#18120).
- podman system service command now emits a warning when binding to a TCP socket. This is not a secure configuration and the Podman team recommends against using it.
- podman top command no longer depends on ps(1) being present in the container image and now uses the one from the host (#19001).
- --filter id=xxx option will now treat xxx as a CID prefix, and not as a regular expression (#18471).
- --filter option now requires multiple --filter flags to specify multiple filters. It will no longer support the comma syntax (--filter label=a,label=b).
- slirp4netns binary for will now be searched for in paths specified by the helper_binaries_dir option in containers.conf (#18239).
- /run/docker.sock within the guest to be consistent with its rootless/rootful setting (#18480).
- podman system df command now counts files which podman generates for use with specific containers as part of the disk space used by those containers, and which can be reclaimed by removing those containers.
It also counts space used by files it associates with specific images and volumes as being used by those images and volumes.
- podman build command now returns a clearer error message when the Containerfile cannot be found (#16354).
- --pid=host will no longer print errors on podman stop (#18460).
- podman manifest push command no longer requires a destination to be specified. If a destination is not provided, the source is used as the destination (#18360).
- podman system reset command now warns the user that the graphroot and runroot directories will be deleted (#18349), (#18295).
- package and package-install targets in Makefile have now been fixed and also renamed to rpm and rpm-install respectively for clarity (#18817).
- /etc/containers/systemd/users directory.
- AutoUpdate option.
- Mask and Unmask options.
- WorkingDir option, which specifies the default working dir in a container.
- Sysctl option, which sets namespaced kernel parameters for containers (#18727).
- SecurityLabelNested=true option, which allows nested SELinux containers.
- Pull option in .container files (#18779).
- ExitCode field in .kube files, which reflects the exit codes of failed containers.
- PodmanArgs field.
- HostName field, which sets the container's host name, in .container files (#18486).
- podman machine start command would fail with a 255 exit code. It now waits for systemd-user sessions to be up, and for SSH to be ready, addressing the flaky machine starts (#17403).
- podman auto update command did not correctly use authentication files when contacting container registries.
- --label option to the podman volume ls command would return volumes that matched any of the filters, not all of them (#19219).
- podman kube play command did not recognize containerPort names inside Kubernetes liveness probes.
Now, liveness probes support both containerPort names as well as port numbers (#18645).
- --dns option to the podman run command was ignored for macvlan networks (#19169).
- podman system service command where setting LISTEN_FDS when listening on TCP would misbehave.
- podman pod run command would error after a reboot on a non-systemd system (#19175).
- --syslog option returned a fatal error when no syslog server was found (#19075).
- --mount option would parse the readonly option incorrectly (#18995).
- podman run command set an incorrect working directory. It now sets the correct working directory pointing to the container bundle directory (#18907).
- --device-cgroup-rule option was silently ignored in rootless mode (#18698).
- --force option to the podman kube down command would not remove volumes (#18797).
- --list-tags option in the podman search command would cause the command to ignore the --format option (#18939).
- podman machine start command did not properly translate the proxy IP.
- podman auto-update command would not restart dependent units (specified via Requires=) on auto update (#18926).
- podman pull command would print ids multiple times when using additional stores (#18647).
- podman rm -fa command could fail to remove dependency containers such as pod infra containers (#18180).
- --tz option to the podman create and podman run commands would not create a proper localtime symlink to the zoneinfo file, which was causing some applications (e.g. java) to not read the timezone correctly.
- --filter volume= option to the podman events command would not display the relevant events (#18618).
- podman wait command where containers created with the --restart=always option would result in the container staying in a stopped state.
- podman stats command returned an incorrect memory limit after a container update.
(#18621).
- podman run command where the PODMAN_USERNS environment variable was not ignored when the --pod option was set, resulting in a container created in a different user namespace than its pod (#18580).
- podman run command would not create the /run/.containerenv when the tmpfs is mounted on /run (#18531).
- $HOME environment variable would be configured inconsistently between container starts if a new passwd entry had to be created for the container.
- podman play kube command would restart initContainers based on the restart policy of the pod. initContainers should never be restarted.
- build command where an invalid platform would be set.
- podman history command did not display tags (#17763).
- podman machine init command would create invalid machines when run with certain UIDs (#17893).
- podman manifest push command where an error encountered during the push incorrectly claimed that the error occurred while adding an item to the list.
- podman machine rm command would remove the machine connection before the user confirms the removal of the machine (#18330).
- starting state (#16945).
- --network=container: option would fail when the target container uses the host network mode.
The same also now works for the other namespace options (--pid, --uts, --cgroupns, --ipc) (#18027).
- --format {{.State}} option to the podman ps command would display the status rather than the state (#18244).
- podman commit command where setting a --message while also specifying --format=docker options would incorrectly warn that setting a message is incompatible with OCI image formats (#17773).
- --format option to the podman history command, where the {{.CreatedAt}} and {{.Size}} fields were inconsistent with Docker’s output (#17767), (#17768).
- online_cpus field was not set correctly (#15754).
- sha256: (#17762).
- platform parameter (#18951).
- noprune query parameter, which ensures that dangling parents of the specified image are not removed.
- podman system service command is now supported on FreeBSD.
- make package did not work on RHEL 8 environments (#18421).
- podman network create --dns and podman network update --dns-add/--dns-drop (#18663).
- podman kube play command now supports the hostIPC field (#17157).
- podman kube play command now supports a new flag, --wait, that keeps the workload running in foreground until killed with a sigkill or sigterm.
The workloads are cleaned up and removed when killed (#14522).
- podman kube generate and podman kube play commands now support SELinux filetype labels.
- podman kube play command now supports sysctl options (#16711).
- podman kube generate command now supports generating the Deployments (#17712).
- podman machine inspect command now shows information about named pipe addresses on Windows (#16860).
- --userns=keep-id option for podman create, run, and kube play now works for root containers by copying the current mapping into a new user namespace (#17337).
- podman secret exists, to verify if a secret with the given name exists.
- podman kube generate and podman kube play commands now support ulimit annotations (#16404).
- podman create, run, pod create, and pod clone commands now support a new option, --shm-size-systemd, that allows limiting tmpfs sizes for systemd-specific mounts (#17037).
- podman create and run commands now support a new option, --group-entry which customizes the entry that is written to the /etc/group file within the container when the --user option is used (#14965).
- podman create and podman run commands now support a new option, --security-opt label=nested, which allows SELinux labeling within a confined container.
- podman machine os apply has been added, which applies OS changes to a Podman machine, from an OCI image.
- podman search command now supports two new options: --cert-dir and --creds.
- --cgroup-config option for podman create and podman run can now be set in containers.conf.
- database_backend field in containers.conf.
- podman network create -d <plugin> can be used to create a network config for your plugin and then podman will use it like any other config and takes care of setup/teardown on container start/stop.
This requires at least netavark version 1.6.
- podman build command no longer allows .containerignore or .dockerignore files to be symlinks outside the build context.
- podman system reset command now clears build caches.
- podman play kube command now adds ctrName as an alias to the pod network (#16544).
- podman kube generate command no longer adds hostPort to the pod spec when generating service kinds.
- SYS_CHROOT capability has been re-added to the default set of capabilities.
- podman images command has seen a significant performance improvement (#17828).
- Rootfs= option, allowing containers to be based on rootfs in addition to image.
- .container and .kube units.
- .container files (#17632).
- .container files via the IP= and IP6= options.
- .container files.
- --userns=keep-id (#17908).
- tmpfs filesystems through the Tmpfs key in .container files (#17907).
- --version option.
- podman image scp command to correctly use identity settings.
- podman build command where building from stdin would fail. podman --remote build -f - now works correctly (#17495).
- podman volume prune command where exclusive (!=) filters would fail (#17051).
- --volume option in the podman create, run, pod create, and pod clone commands where specifying relative mappings or idmapped mounts would fail (#17517).
- podman kube play command where a secret would be created, but nothing would be printed on the terminal (#17071).
- podman kube down command where secrets were not removed.
- podman inspect command did not properly list the network configuration of containers created with --net=none or --net=host (#17385).
- podman checkpoint restore command could panic.
- podman events command where events could be returned more than once after a log file rotation (#17665).
- podman auto-update command were not reported.
- --health-on-failure=restart option were not restarting when the health state turned unhealthy (#17777).
- slirp4netns network mode with the cidr option and a custom user namespace did not set proper DNS IPs in resolv.conf.
- podman auto-update command
could fail to restart systemd units (#17607).
- podman play kube command did not properly handle secret.items in volumes (#17829).
- podman generate kube command could generate pods with invalid names and hostnames (#18054).
- RLIMIT_NOFILE) passed to the --ulimit option to podman create and podman run were case-sensitive (#18077).
- Id key as lowercase id to match Docker (#17869).
- podman version command no longer joins the rootless user namespace (#17657).
- podman-events --stream option is no longer hidden and is now documented.
- SYS_CHROOT back to the default set of capabilities.
- podman system service --log-level=trace did not hijack the client connection, causing remote podman run/attach calls to work incorrectly (#17749).
- podman-mac-helper now exits with 1 on error (#17785).
- podman run --dns ... --network would not respect the dns option. Podman will no longer add host nameservers to resolv.conf when aardvark-dns is used (#17499).
- podman logs errored out with the passthrough driver when the container was run from a systemd service.
- --health-on-failure=restart would not restart the container when the health state turned unhealthy (#17777).
- podman-kube systemd template would always use the "passthrough" log driver (#17482).
- podman-systemd.unit man page, which can also be displayed using man quadlet (#17349).
- podman events command.
- make docs crashed (#17322).
- podman kube play command where existing resources got mistakenly removed.
- podman kube play command now supports hostPID in the pod.spec (#17157).
- podman build command now supports the --group-add option.
- podman network update has been added, which updates networks for containers and pods.
- podman network create command now supports a new option, --network-dns-server, which sets the DNS servers that this network will use.
- podman kube play command now accepts the --publish option, which sets or overrides port publishing.
- podman inspect command now returns an error field (#13729).
- podman update command now accepts the --pids-limit option, which
sets the PIDs limit for a container (#16543).
- / to match Docker behaviour (#16663).
- podman events command now supports die as a value (mapping to died) to the --filter option, for better Docker compatibility (#16857).
- podman system df command’s --format "{{ json . }}" option now outputs human-readable format to improve Docker compatibility.
- podman rm -f command now also terminates containers in "stopping" state.
- podman play kube command now supports subpaths when using configmap and hostpath volume types (#16828).
- --no-heading option now include a short option, -n.
- podman push command no longer ignores the hidden --signature-policy flag.
- podman wait command now supports the --ignore option.
- podman network create command now supports the --ignore option to instruct Podman to not fail when trying to create an already existing network.
- podman kube play command now supports volume subpaths when using named volumes (#12929).
- podman kube play command now supports container startup probes.
- podman buildx version, has been added, which shows the buildah version (#16793).
- podman build command now supports the --volume option (#16694).
- --opt parent=...
option is now accepted with the ipvlan network driver in the podman network create command (#16621).
- --init-ctr option for the podman container create command now supports shell completion.
- podman kube play command run with a readOnlyTmpfs Flag in the kube YAML can now write to tmpfs inside of the container.
- podman run command has been extended with support for checkpoint images.
- event_audit_container_create option is enabled in containers.conf, the verbosity of the container-create event is increased by adding the inspect data of the container to the event.
- podman push command features two new options, --encryption-key and --encrypt-layer, for encrypting an image while pushing it to a registry (#15163).
- podman pull and podman run commands feature a new option, --decryption-key, which decrypts the image while pulling it from a registry (#15163).
- podman manifest annotate command is now supported.
- SSL_CERT_FILE and SSL_CERT_DIR environment variables are now propagated into Podman machine VMs (#16041).
- CONTAINER_PROXY, can be used to specify TCP proxies when using remote Podman.
- podman machine init command now supports the --quiet option, as well as a new option, --no-info which suppresses informational tips (#15525).
- podman volume create command now includes the -d short option for the --driver option.
- podman events command has a new alias, podman system events, for better Docker compatibility.
- --restart-sec option for podman generate systemd now generates RestartSec= for both pod service files and container service files (#16419).
- podman manifest push command now accepts --purge, -p options as aliases for --rm, for Docker compatibility.
- --network option to podman pod create now supports using an existing network namespace via ns:[netns-path] (#16208).
- podman pod rm and podman container rm commands now remove container/pod ID files along with the container/pod (#16387).
- podman manifest inspect command now accepts a new option, --insecure as an alias to --tls-verify=false, improving
Docker compatibility (#14917).
- podman kube apply, has been added, which deploys the generated yaml to a k8s cluster.
- --userns=keep-id option in rootless podman create, podman run, podman kube play, podman pod create, and podman pod clone now can be used when only one ID is available.
- podman play kube command now supports the volume.podman.io/import-source annotation to import the contents of tarballs.
- podman volume create command now accepts the --ignore option, which ignores the create request if the named volume already exists.
- --filter option for podman ps now supports regex (#16180).
- podman system df command now accepts --format json and autocompletes for the --format option (#16204).
- podman kube down command accepts a new option, --force, which removes volumes (#16348).
- podman create, podman run, and podman pod create commands now support a new networking mode, pasta, which can be enabled with the --net=pasta option (#14425, #13229).
- pasta is deprecated and support for it will be removed in the next major release.
- podman network create command no longer accepts default as valid name.
It is impossible to use this network name in the podman run/create command because it is parsed as a network mode instead (#17169).
- podman kube generate command will no longer generate built-in annotations, as reserved annotations are used internally by Podman and would have no effect when run with Kubernetes.
- podman kube play command now limits the replica count to 1 when deploying from kubernetes YAML (#16765).
- --pid=host option is terminated, Podman now sends a SIGKILL to all the active exec sessions.
- podman events and podman logs is now more efficient when the --since option is used, as it will now seek directly to the correct time instead of reading all entries from the journal (#16950).
- --service-container option is set for the podman kube play command, the default log-driver is now set to passthrough (#16592).
- podman container inspect and podman kube generate commands will no longer list default annotations set to false.
- CONTAINER_HOST environment variable defaults to port 22 for SSH style URLs for remote connections, when set (#16509).
- podman kube play command now reuses existing PersistentVolumeClaims instead of erroring.
- podman system reset command will no longer prompt the user if /usr/share/containers/storage.conf file exists.
- --format and --verbose flags in podman system df are no longer allowed to be used in combination.
- podman kube generate command now sets runAsNonRoot=true in the generated yaml when the image has user set as a positive integer (#15231).
- podman ps) is considerably faster.
- podman push and podman manifest push commands now support a new option, --sign-by-sigstore, which allows using Fulcio and Rekor.
- --dns option was not being set correctly (#16172).
- podman rm to fail when stopping or killing a container that has already been stopped or has exited (#16142, #15367).
- podman kube play default environment variables have not been applied to containers (#17016).
- podman stop (#17069).
- docker run against a podman backend would be truncated when using Docker
Clients on Mac and Windows (#16656).
- podman logs --since --follow would not follow and just exit with the journald driver.
- podman logs --until --follow would not exit after the given until time.
- podman attach and podman start did not sigproxy (#16662).
- podman ps command’s --filter option where specifying volume as a filter would not return the correct containers (#16019).
- podman export command on MacOS and Windows where it could not export to STDOUT (#16870).
- podman container restore command’s --ignore-static-ip and --ignore-static-mac options when restoring a normal container, i.e. without --import, where the option was not correctly honored (#16666).
- podman kube play where secrets were incorrectly unmarshalled (#16269, #16625).
- podman kube play where IpcNS was not being properly set
(#16632).
- podman kube play that occurred when the optional field of a secret volume was not set in the kube yaml, causing Podman to crash (#16636).
- podman stats command where the NetInput and NetOutput fields were swapped.
- podman network create command’s --driver option where incorrect shell completion suggestions were given.
- podman --noout was not suppressing output from certain commands such as podman machine and podman system connection (#16201).
- podman cp when copying directories ending with a "." (#16421).
- --connection option would not work with a cached config (#16282).
- --format {{ json .}} option which resulted in different output compared to docker (#16436).
- docker.io to avoid TTY check failure (#16417).
- /proc is mounted with the hidepid=2 option (#16022).
- podman kube play where the sdnotify proxy could cause Podman to deadlock (#16076).
- podman system df reported wrong image sizes (#16135).
- podman inspect did not correctly remote the IPCMode of containers (#17189).
- --userns keep-id option were not correctly adding username entries to /etc/passwd within container (#17148).
- --publish-all flag in the podman create and podman run commands would occasionally assign colliding ports.
- podman machine init --image-path on Windows was not correctly handling absolute paths (#15995).
- podman machine init would fail on non-systemd Linux distributions due to the lack of timedatectl (#17244).
- podman machine commands would fail on Windows when the Podman managed VM is set as default in WSL, under some locales (#17227, #17158).
- podman ps command’s STATUS output’s human readable output would add “ago” (#17250).
- podman events command run with the journald driver could show events from other users.
- NetworkMode=default is no longer rewritten to NetworkMode=bridge if the containers.conf configuration file overwrites netns (#16915).
- podman-release-static.tar.gz artifact has been renamed to podman-release-static-linux_{amd64,arm64}.tar.gz (#16612).
- podman-installer-macos-aarch64.pkg artifact has been
renamed to podman-installer-macos-arm64.pkg.
- podman ps and podman container inspect commands
- podman generate spec, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers.
- podman update, has been added, which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted (#15067).
- podman kube down, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to podman kube play --down, but it now has its own command).
- podman kube play command now supports Kubernetes secrets using Podman's secrets backend.
- podman kube play command now integrate with sd-notify, using the io.containers.sdnotify annotation (or io.containers.sdnotify/$name for specific containers).
- podman kube play can now be auto-updated, using the io.containers.auto-update annotation (or io.containers.auto-update/$name for specific containers).
- podman kube play command can now read YAML from URLs, e.g.
podman kube play https://example.com/demo.yml (#14955).
- podman kube play command now supports the emptyDir volume type (#13309).
- podman kube play command now supports the HostUsers field in the pod spec.
- podman play kube command now supports binaryData in ConfigMaps.
- podman pod create command can now set additional resource limits for pods using the new --memory-swap, --cpuset-mems, --device-read-bps, --device-write-bps, --blkio-weight, --blkio-weight-device, and --cpu-shares options.
- podman machine init command now supports a new option, --username, to set the username that will be used to connect to the VM as a non-root user (#15402).
- podman volume create command's -o timeout= option can now set a timeout of 0, indicating volume plugin operations will never time out.
- image, which allows volumes to be created that are backed by images.
- podman run and podman create commands support a new option, --env-merge, allowing environment variables to be specified relative to other environment variables in the image (e.g. podman run --env-merge "PATH=$PATH:/my/app" ...) (#15288).
- podman run and podman create commands support a new option, --on-failure, to allow action to be taken when a container fails health checks, with the following supported actions: none (take no action, the default), kill (kill the container), restart (restart the container), and stop (stop the container).
- --keep-id option to podman create and podman run now supports new options, uid and gid, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g.
--userns=keep-id:uid=11 will map the user running Podman to UID 11 in the container) (#15294).
- podman generate systemd command now supports a new option, --env/-e, to set environment variables in the generated unit file (#15523).
- podman pause and podman unpause commands now support the --latest, --cidfile, and --filter options.
- podman restart command now supports the --cidfile and --filter options.
- podman rm command now supports the --filter option to select which containers will be removed.
- podman rmi command now supports a new option, --no-prune, to prevent the removal of dangling parents of removed images.
- --dns-opt option to podman create, podman run, and podman pod create has received a new alias, --dns-option, to improve Docker compatibility.
- podman command now features a new global flag, --debug/-D, which enables debug-level logging (identical to --log-level=debug), improving Docker compatibility.
- podman command now features a new global flag, --config. This flag is ignored, and is only included for Docker compatibility (#14767).
- podman manifest create command now accepts a new option, --amend/-a.
- podman manifest create, podman manifest add and podman manifest push commands now accept a new option, --insecure (identical to --tls-verify=false), improving Docker compatibility.
- podman secret create command's --driver and --format options now have new aliases, -d for --driver and -f for --format.
- podman secret create command now supports a new option, --label/-l, to add labels to created secrets.
- podman secret ls command now accepts the --quiet/-q option.
- podman secret inspect command now accepts a new option, --pretty, to print output in human-readable format.
- podman stats command now accepts the --no-trunc option.
- podman save command now accepts the --signature-policy option (#15869).
- podman pod inspect command now allows multiple arguments to be passed.
If so, it will return a JSON array of the inspected pods (#15674).
- podman context as aliases to existing podman system connection commands, to improve Docker compatibility.
- --sig-proxy option is set (#14707).
- -v option to podman run, podman create, and podman pod create, so long as source, destination, and options all match (#4217).
- podman generate kube and podman play kube commands have been renamed to podman kube generate and podman kube play to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function.
- podman init, podman container checkpoint, podman container restore, podman container cleanup) now print the user-inputted name of the container, instead of its full ID, on success.
- --cpu-rt-period and --cpu-rt-runtime options to podman run and podman create now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers) (#15666).
- /dev/tty* devices other than /dev/tty itself into the container (#15878).
- podman machine commands has seen a thorough rework, addressing many issues about authentication.
- --network option to podman kube play now allows passing host to set the pod to use host networking, even if the YAML does not request this.
- podman inspect command on containers now includes the digest of the image used to create the container.
- podman play kube are now, by default, placed into a network named podman-kube. If the podman-kube network does not exist, it will be created.
This ensures pods can connect to each other by their names, as the network has DNS enabled.
- podman network prune and podman container prune commands did not properly support the --filter label!= option (#14182).
- podman kube generate command added an unnecessary Secret: null line to generated YAML (#15156).
- podman kube generate command did not set enableServiceLinks and automountServiceAccountToken to false in generated YAML (#15478 and #15243).
- podman kube play command did not properly handle CPU limits (#15726).
- podman kube play command did not respect default values for liveness probes (#15855).
- podman kube play command did not bind ports if hostPort was not specified but containerPort was (#15942).
- podman kube play command sometimes did not create directories on the host for hostPath volumes.
- podman manifest push command did not display progress.
- --filter "{{.Config.Healthcheck}}" option to podman image inspect did not print the image's configured healthcheck (#14661).
- podman volume create -o timeout= option could be specified even when no volume plugin was in use.
- podman rmi command did not emit untag events when removing tagged images (#15485).
- podman machine VMs on Windows could sometimes fail because the pipe was not created in time (#14811).
- podman pod rm command could error if removal of a container in the pod was interrupted by a reboot.
- exited and exec died events for containers did not include the container's labels (#15617).
- $PATH) to Conmon when starting containers (#15707).
- podman events command could function improperly when no events were present (#15688).
- --format flag to various Podman commands did not properly handle template strings including a newline (\n) (#13446).
- podman generate systemd command would generate incorrect YAML for pods created without the --name option.
- podman generate systemd --new command did not properly set stop timeout (#16149).
- podman inspect command to be unable to inspect the container until it was restarted.
- --force would not error and
instead would result in the pod, and its remaining containers, being placed in an unusable state (#15526).podman stats could exceed the maximum memory available on the system (#15765).podman container clone command did not properly handle environment variables whose value contained an = character (#15836).podman-remote run --attach stdin command.podman machine list --format json command did not properly show machine starting status.podman pod logs --latest command could panic (#15556).podman system service to listen at would result in a panic.podman kill command would sometimes not transition containers to the exited state (#16142).docker-compose (#15580).pod, to set the pod that the container will be restored into (#15018)./ is not a shared mount when run inside a container (#15295).podman generate systemd has been adjusted to improve readability.podman create and podman run.sigstoreSigned) to the podman image trust set and podman image trust show commands.podman image trust show command now recognizes new lookaside field names.podman image trust show command now recognizes keyPaths in signedBy entries.podman image trust show may now show multiple entries for the same scope, to better represent separate requirements. 
GPG IDs on a single row now always represent alternative keys, only one of which is required; if multiple sets of keys are required, each is represented by a single line.podman generate kube command no longer adds the bind-mount-options annotation to generated Service YAML (#15208).podman kill to send signals to containers (#15492).podman image trust set command would silently discard unknown fields.podman image trust show command would not show signature enforcement configuration for the default scope.podman image trust show command would silently ignore multiple kinds of requirements in a single scope.[email protected] unit file would cause warnings when running systemctl status on the unit.--compress option to podman image save was incorrectly allowed with the oci-dir format.podman container clone command did not properly clone environment variables (#15242).: character, preventing some commands from being used with podman machine on Windows (#15247).podman top command would report new capabilities as unknown.podman generate kube command could generate incorrect YAML when the bind-mount-options was used (#15170).podman events command would not work with custom --format specifiers (#15648).HostConfig.Binds field as Docker does.remove instead of delete) (#15485).podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod (#12843).podman volume reload, to sync changes in state between Podman's database and any configured volume plugins (#14207).podman machine info, which displays information about the host and the versions of various machine components.podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, [email protected] - e.g. 
systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context.podman play kube command now supports volumes with the BlockDevice and CharDevice types (#13951).podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto (#7504).podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.podman pod create command now supports an exit policy (configurable via the --exit-policy option), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops. The latter is used for pods created via podman play kube (#13464).podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) (#13422).podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. 
These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!podman create and podman run commands now include the -c short option for the --cpu-shares option.podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.podman build command now supports a new option, --build-context, allowing the user to specify an additional build context.podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231).podman machine init command on Windows now fetches an image with packages pre-installed (#14698).--image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230).workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).--opt o=timeout= option to podman volume create (BZ 2080458).podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583).podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.podman push command now supports the --remove-signatures option (#14558).podman image scp command.podman image scp command now supports tagging the transferred image with a new name.podman network ls command supports a new filter, --filter 
dangling=, to list networks not presently used by any containers (#14595).--condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.podman events command now includes the -f short option for the --filter option.podman pull command now includes the -a short option for the --all-tags option.podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).--url now has two aliases: -H and --host.podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.podman push and podman manifest push.podman kill command.podman system prune command now removes unused networks.--userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman./run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577).podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148).podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless.podman unpause --all command will now only attempt to unpause containers that are paused, not all containers.podman play kube now default to the once type (#14877).podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion.libpod/common package has been removed as it's not used anywhere.--userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233)./dev into a container which used the --init flag would cause the 
container to fail to start (#14251).podman image mount command would not pretty-print its output when multiple images were mounted.podman volume import command would print an unrelated error when attempting to import into a nonexistent volume (#14411).podman system reset command could race against other Podman commands (#9075).podman cp command would overwrite directories with non-directories and vice versa. A new --overwrite flag to podman cp allows for retaining the old behavior if needed (#14420).podman machine ssh command would not preserve the exit code from the command run via ssh (#14401).podman machine would fail to start when created with more than 3072MB of RAM on Macs with M1 CPUs (#14303).podman machine init command would fail when run from C:\Windows\System32 on Windows systems (#14416).podman machine init --now did not respect proxy environment variables (#14640).podman machine init command would fail if there is no $HOME/.ssh dir (#14572).podman machine init command would add a connection even if creating the VM failed (#15154).podman machine start command could render the VM unable to start.podman machine list --format command would still print a heading.podman machine list command did not properly set the Starting field (#14738).podman machine start command could fail to start QEMU VMs when the machine name started with a number.podman -h command did not show help output.podman wait command (and the associated REST API endpoint) could return before a container had fully exited, breaking some tools like the GitLab Runner.exec events, instead of health_status events (#13493).podman pod ps command could return an error when run at the same time as podman pod rm (#14736).podman system df command incorrectly calculated reclaimable storage for volumes (#13516).podman manifest rm command would remove images, not manifests (#14763).podman run and podman create commands' --device-cgroup-rule option.podman play kube command on 32 bit systems where the total 
memory was calculated incorrectly (#14819).podman generate kube command could set ports and hostname incorrectly in generated YAML (#13030).podman system df --format "{{ json . }}" command would not output the Size and Reclaimable fields (#14769).podman pull command would display duplicate progress output.podman system service command could leak memory when a client unexpectedly closed a connection when reading events or logs (#14879)./etc/passwd file (#14966).podman push command did not display progress information (#14971).podman pod rm to deadlock if it was run at the same time as a command that attempted to lock multiple containers at once (#14929).podman rm --force command would exit with a non-0 code if the container in question did not exist (#14612).podman container restore command would fail when attempting to restore a checkpoint for a container with the same name as an image (#15055).podman manifest push --rm command could remove images instead of manifest lists (#15033).podman run --rm command could fail to remove the container if it failed to start (#15049).podman generate systemd --new command would create incorrect unit files when the container was created with the --sdnotify parameter (#15052).podman generate systemd --new command would fail when -h <hostname> was used to create the container (#15124).remote parameter to the Libpod API's Build endpoint for Images was nonfunctional (#13831).application/json content type header when there were no containers present (#14647).mtu, name, mode, and parent options (#14482).bridge (#14983).SecondaryIPAddresses and SecondaryIPv6Addresses fields (#14674).stream and delay (#14674)./run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server.podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time.podman machine ssh command no longer prints spurious warnings every time it is run.podman info 
command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty.podman system prune command now no longer prints the Deleted Images header if no images were pruned.podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573).podman load command now mirrors that of docker load.podman play kube command could panic if the --log-opt option was used (#13356).--sdnotify=conmon option could send MAINPID twice.podman info command could fail when run inside an LXC container.podman machine VMs on Windows, containers could be prematurely terminated when API forwarding was not running (#13965).--security-opt option to podman run and podman create did not support the no-new-privileges:true and no-new-privileges:false options (the only supported separator was =, not :) (#14133).--network none or --network ns:/path/to/ns) could not be restored from checkpoints (#14389).podman-restart.service could, if enabled, cause system shutdown to hang for 90 seconds (#14434).podman stats command would, when run as root on a container that had the podman network disconnect command run on it or that set a custom network interface name, return an error (#13824).podman pod create command would error when the --uidmap option was used (#14233).--network=host would receive a private network namespace (#13763).podman machine rm --force would remove files related to the VM before stopping it, causing issues if removal was interrupted.podman logs would omit the last line of a container's logs if the log did not end in a newline (#14458).--file-locks option to podman container restore was ignored, such that file locks checkpointed by podman container checkpoint --file-locks were not restored.--sig-proxy enabled at the exact moment the container that was attached to exited could cause error messages 
to be printed.podman machine start command more than once (simultaneously) on the same machine would cause errors.podman stats command could not be run on containers that were not running (it now reports all-0s statistics for Docker compatibility) (#14498).STDERR output even if the quiet parameter was true.podman auto-update command now creates an event when it is run.DOCKER_BUILDKIT=0.podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.podman machine inspect. This command provides details on the configuration of machine VMs.podman machine set command can now change the CPUs, memory, and disk space available to machines after they were initially created, using the new --cpus, --disk-size, and --memory options (#13633).machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable.podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers (#12768).podman machine now automatically mount the host's $HOME into the VM, to allow mounting volumes from the host into containers.podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. 
This allows checkpoints to be distributed via standard image registries.podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources.podman play kube command will now set default resource limits when the provided YAML does not include them (#13115).podman play kube command now supports a new option, --annotation, to add annotations to created containers (#12968).podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile (#12485).podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer (#12889).podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID (#13261) and --color, which colors messages based on what container generated them (#13266).podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network (#13521).podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.--ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. 
The default IPC mode is now shareable, indicating the IPC namespace can be shared with other containers (#13265).--mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter (#13387).--mount option to the podman create and podman run commands now allows parameters to be passed in CSV format (#13922).--userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. 
/etc/hosts, /etc/resolv.conf, etc.) will be mounted inside the container (#12961).podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file.podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}} (#14012).podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined (#14049).podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization (#13876).--net=container: option to podman run, podman create, and podman pod create now conflicts with the --add-host option.slirp4netns) to ensure they can connect to containers started the upgrade./etc/hosts file has been rewritten to improve its consistency and handling of edge cases (#12003 and #13224). 
As part of this, two new options are available in containers.conf: base_hosts_file (to specify a nonstandard location to source the base contents of the container's /etc/hosts) and host_containers_internal_ip (to specify a specific IP address for containers' host.containers.internal entry to point to).podman image trust show command now includes information on the transport mechanisms allowed.container_uuid environment variable (#13187).podman events.--privileged and --cap-add flags are no longer mutually exclusive (#13449).--mount option to podman create and podman run could not create anonymous volumes (#13756).podman machine set command can no longer be used while the VM being updated is running (#13783).podman generate systemd are now prettyprinted for increased readability.file event log driver now automatically rotates the log file, preventing it from growing beyond a set size.--no-trunc flag to podman search now defaults to false, to ensure output is not overly verbose.podman play kube command did not record the raw image name used to create containers.podman machine could not start containers which forwarded ports when run on a host with a proxy configured (#13628).podman machine command could not be connected to when the username of the current user was sufficiently long (#12751).podman system reset command on Linux did not fully remove virtual machines created by podman machine.podman machine rm command would error when removing a VM that was never started (#13834).podman manifest push command could not push to registries that required authentication (#13629).podman version --format command could not return the OS of the server (#13690).podman play kube command would error when a volume specified by a configMap already existed (#13715).podman play kube command did not respect the hostNetwork setting in Pod YAML (#14015).podman play kube command would, when the --log-driver flag was not specified, ignore Podman's default log driver (#13781).podman generate 
kube command could generate YAML with too-long labels (#13962).podman logs --tail=1 command would fail when the log driver was journald and the container was restarted (#13098).podman network connect and podman network disconnect commands could leave invalid entries in /etc/hosts (#13533).--tls-verify option to the remote Podman client's podman build command was nonfunctional.podman pod inspect command incorrectly reported whether the pod used the host's network (#14028).-p 8080:8080) would be bound to IPv6 addresses (#12292).podman info could report an incorrect path to the socket used to access the Podman service (#12023).no_hosts option in containers.conf (#13719).bridge.removing status (#13986).tlsVerify parameter.podman play kube on a YAML that only includes configMap objects (and no pods or deployments) now prints a much clearer error message.podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448).podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510).--device option to podman run and podman create would not be accessible within the container.containers.conf (#13411).podman play kube command would produce confusing errors if invalid YAML with duplicated container names was passed (#13332).podman machine rm command would not remove the Podman API socket on the host that was associated with the VM.podman version command could sometimes print excess blank lines as part of its output.podman generate systemd command would sometimes generate systemd services with names beginning with a hyphen (#13272)..dockerignore file (#13529).podman machine could not bind ports to specific IPs on the host (#13543).podman system df were incorrect (#13516).podman stats were incorrect (#13597).--no-healthcheck option would still display healthcheck 
status in podman inspect (#13578).podman pod rm command could print a warning about a missing cgroup (#13382).podman exec command could sometimes print a timed out waiting for file error after the process in the container exited (#13227).podman machine were not tolerant of changes to the path to the qemu binary on the host (#13394).podman build command did not properly handle the context directory if a Containerfile was manually specified using -f (#13293).systemd as PID 1 in a container when the entrypoint was prefixed with /bin/sh -c (#13324).systemd as init, print a warning message about the rootless network namespace (#13703).podman system service did not delegate all cgroup controllers, resulting in podman info queries against the remote API returning incorrect cgroup controllers (#13710).slirp4netns port forwarder for rootless Podman would only publish the first port of a range (#13643).podman play kube command did not honor the mountPropagation field in Pod YAML (#13322).--build=false option to podman play kube was not honored (#13285).--volumes-from) could, under certain circumstances, exit with errors that it could not delete some volumes if the other container did not exit before it (#12808).CONTAINERS_CONF environment variable was not propagated to Conmon, which could result in Podman cleanup processes being run with incorrect configurations.podman top on a container made from a maliciously-crafted image and using a user namespace could allow for code execution in the host context.podman network connect command now supports three new options, --ip, --ip6, and --mac-address, to specify configuration for the new network that will be attached.podman network create command now allows the --subnet, --gateway, and --ip-range options to be specified multiple times, to allow for the creation of dual-stack IPv4 and IPv6 networks with user-specified subnets.--network option to podman create, podman pod create, podman run, and podman play kube can now, when 
specifying a network name, also specify advanced network options such as alias, ip, mac, and interface_name, allowing advanced configuration of networks when creating containers connected to more than one network.podman play kube command can now specify the --net option multiple times, to connect created containers and pods to multiple networks.podman create, podman pod create, and podman run commands now support a new option, --ip6, to specify a static IPv6 address for the created container or pod to use.-o mode= option.ipvlan, is now available.podman info command will now print the network backend in use (Netavark or CNI).containers.conf via the network_backend field. Please note that it is not recommended to switch backends while containers exist, and a system reboot is recommended after doing so.--noout, that suppresses all output to STDOUT.podman rm --force, podman pod rm --force, podman volume rm --force, podman network rm --force) now accept a --time option to specify the timeout on stopping the container before resorting to SIGKILL (identical to the --time flag to podman stop).podman run and podman create commands now support a new option, --passwd, that uses the /etc/passwd and /etc/groups files from the image in the created container without changes by Podman (#11805).podman run and podman create commands now support a new option, --hostuser, that creates one or more users in the container based on users from the host (e.g. with matching username, UID, and GID).podman create and podman run commands now support two new options, --unsetenv and --unsetenv-all, to clear default environment variables set by Podman and by the container image (#11836).podman rm command now supports a new option, --depend, which recursively removes a given container and all containers that depend on it (#10360).podman volume ls, podman ps) now support labels specified using glob matching (e.g. 
--filter label=some.prefix.com/key/*).podman pod create command now supports the --volume option, allowing volumes to be specified that will be mounted automatically to all containers in the pod (#10379).podman pod create command now supports the --device option, allowing devices to be specified that will be mounted automatically to all containers in the pod.podman pod create command now supports the --volumes-from option, allowing volumes from an existing Podman container to be mounted automatically to all containers in the pod.podman pod create command now supports the --security-opt option, allowing security settings (e.g. disabling SELinux or Seccomp) to be configured automatically for all containers in the pod (#12173).podman pod create command now supports the --share-parent option, which defaults to true, controlling whether containers in the pod will use a shared cgroup parent.podman pod create command now supports the --sysctl option, allowing sysctls to be configured automatically for all containers in the pod.podman events command now supports the --no-trunc option, which will allow short container IDs to be displayed instead of the default full IDs. 
The flag defaults to true, so full IDs remain the default (#8941).podman machine init command now supports a new VM type, wsl, available only on Windows; this uses WSL as a backend for podman machine, instead of creating a separate VM and managing it via QEMU (#12503).podman machine init command now supports a new option, --now, to start the VM immediately after creating it.podman machine init command now supports a new option, --volume, to mount contents from the host into the created virtual machine.podman machine now automatically mount the Podman API socket to the host, so consumers of the Podman or Docker APIs can use them directly from the host machine (#11462).podman machine now automatically mount certificates from the host's keychain into the virtual machine (#11507).podman machine now automatically propagate standard proxy environment variables from the host into the virtual machine, including copying any required certificates from SSL_FILE_CERT into the VM.podman machine ssh command now supports a new option, --username, to specify the username to connect to the VM with.podman machine now supports ports specified using custom host IPs (e.g. 
-p 127.0.0.1:8080:80), the UDP protocol, and containers created using the slirp4netns network mode (#11528 and #11728).podman system connection rm command supports a new option, --all, to remove all available connections (#12018).podman system service command's default timeout is now configured via containers.conf (using the service_timeout field) instead of hardcoded to 5 seconds.--mount type=devpts option to podman create and podman run now supports new options: uid, gid, mode, and max.--volume option to podman create and podman run now supports a new option, :idmap, which uses an ID mapping filesystem to allow multiple containers with disjoint UID and GID ranges mapped into them to access the same volume (#12154).U option for volumes, which changes the ownership of the mounted volume to ensure the user running in the container can access it, can now be used with the --mount option to podman create and podman run, as well as the --volume option where it was already available.:O option for volumes, which specifies that an overlay filesystem will be mounted over the volume and ensures changes do not persist, is now supported with named volumes as well as bind mounts.:O option for volumes now supports two additional options, upperdir and workdir, which allow for specifying custom upper directories and work directories for the created overlay filesystem.--rootfs) can now create an overlay filesystem atop the user-specified rootfs which ensures changes will not persist by suffixing the user-specified root filesystem with :O.podman save command has a new option, --uncompressed, which saves the layers of the image without compression (#11613).passthrough, which logs all output directly to the STDOUT and STDERR of the podman command; it is intended for use in systemd-managed containers.podman build command now supports two new options, --unsetenv and --all-platforms.podman image prune command now supports a new option, --external, which allows containers not created by 
Podman (e.g. temporary containers from Buildah builds) to be pruned (#11472).
- podman image prune have been added for Docker compatibility: podman builder prune and podman buildx prune.
- podman play kube command now supports a new option, --no-hosts, which uses the /etc/hosts file from the image in all generated containers, preventing any modifications to the hosts file from Podman (#9500).
- podman play kube command now supports a new option, --replace, which will replace any existing containers and pods with the same names as the containers and pods that will be created by the command (#11481).
- podman play kube command now supports a new option, --log-opt, which allows the logging configuration of generated containers and pods to be adjusted (#11727).
- podman play kube command now supports Kubernetes YAML that specifies volumes from a configmap.
- podman generate systemd command now supports a new option, --template, to generate template unit files.
- podman generate systemd command now supports a new option, --start-timeout, to override the default start timeout for generated unit files (#11618).
- podman generate systemd command now supports a new option, --restart-sec, to override the default time before a failed unit is restarted by systemd for generated unit files.
- podman generate systemd command now supports three new options, --wants, --after, and --requires, which allow detailed control of systemd dependencies in generated unit files.
- podman container checkpoint and podman container restore commands can now print statistics about the checkpoint operation via a new option, --print-stats.
- podman container checkpoint and podman container restore commands can now checkpoint and restore containers which make use of file locks via a new option, --file-locks.
- podman container restore command can now be used with containers created using the host IPC namespace (--ipc=host).
- podman container checkpoint and podman container restore commands now handle checkpointing and restoring the
contents of /dev/shm.
- podman container checkpoint and podman container restore commands are now supported with the remote Podman client (#12007).
- podman inspect command on containers now includes additional output fields for checkpointed and restored containers, including information about when the container was checkpointed or restored, and the path to the checkpoint/restore log.
- podman secret list command now supports a new option, --filter, to filter what secrets are returned.
- podman image scp command can now be used to transfer images between users (both root and rootless) on the same system, without requiring sshd.
- podman image sign command now supports a new option, --authfile, to specify an alternative path to authentication credentials (#10866).
- podman load command now supports downloading files via HTTP and HTTPS if a URL is given (#11970).
- podman push command now supports a new option, --compression-format, to choose the compression algorithm used to compress image layers.
- podman volume create command now allows volumes using the local driver that require mounting to be used by non-root users. This allows tmpfs and bind volumes to be created by non-root users (#12013).
- podman dial-stdio, has been added; this command should not be invoked directly, but is used by some clients of the Docker Remote API, and is provided for Docker compatibility (#11668).
- compat_api_enforce_docker_hub option in containers.conf (#12320).
- make install makefile target no longer implicitly builds Podman, and will fail if make was not run prior to it.
- podman rm --depends, podman rmi --force, and podman network rm --force commands can now remove pods if they need to remove an infra container (e.g. podman rmi --force on the infra image will remove all pods and infra containers).
Previously, any command that tried to remove an infra container would error.
- podman system reset command now removes all networks on the system, in addition to all volumes, pods, containers, and images.
- CONTAINER_HOST environment variable is set, Podman will default to connecting to the remote Podman service specified by the environment variable, instead of running containers locally (#11196).
- podman inspect on a container has had its JSON tag renamed from Healthcheck to Health for improved Docker compatibility. An alias has been added so that using the old name with the --format option will still work (#11645).
- podman inspect on a container (SecondaryIPAddresses and SecondaryIPv6Addresses) have been changed from arrays of strings to arrays of structs for improved Docker compatibility (the struct now includes IP address and prefix length).
- podman volume rm --force command will now remove containers that depend on the volume that are running (previously, it would only remove stopped containers).
- podman search command has been altered to remove the Index, Stars, and Automated columns, as these were not used by registries that are not Dockerhub.
- host.containers.internal entry in /etc/hosts for rootless containers now points to a public IP address of the host machine, to ensure the container can reach the host (the previous value, a slirp4netns address, did not actually point to the host) (#12000).
- --uidmap and --gidmap (#12669).
- Configured state is now named Created, and the previous Created state is now Initialized.
The podman ps command already normalized these names for Docker compatibility, so this will only be visible when inspecting containers with podman inspect.
- podman machine stop command will now log when machines are successfully stopped (#11542).
- podman machine stop command now waits until the VM has stopped to return; previously, it returned immediately after the shutdown command was sent, without waiting for the VM to shut down.
- podman machine now delegate more cgroup controllers to the rootless user used to run containers, allowing for additional resource limits to be used (#13054).
- podman stop command will now log a warning to the console if the stop timeout expires and SIGKILL must be used to stop the container (#11854).
- --no-trunc argument to the podman search command now defaults to true.
- rootlessport port forwarder is now handled by a separate binary, not Podman itself, which results in significantly reduced memory usage (#10790).
- podman system connection ls command now has a separate output column to show which connection is currently the default (instead of appending * to the default connection's name) (#12019).
- --kernel-memory option to podman run and podman create has been deprecated in the upstream OCI runtime specification, and is now also deprecated in Podman and will be removed in a future release. Use of the flag will result in a warning.
- catatonit binary used for podman run --init). This allows pods to be easily used on systems without an internet connection.
- --rootless-cni option to podman unshare has been renamed to --rootless-netns. The old name has been aliased to the new one and will still function, but may be removed in a future release.
- --cni-config-dir option to all Podman commands has been renamed to --network-config-dir as it will now be used with Netavark as well as CNI.
The old name has been aliased to the new one and will still function, but may be removed in a future release.
- --format option to all Podman commands has been changed to improve functionality and Docker compatibility (#10974).
- podman ps --external flag previously required --all to also be specified; this is no longer true.
- podman-machine-cni CNI plugin has been integrated directly into Podman. The podman-machine-cni plugin is no longer necessary and should be removed.
- --device flag to podman create, podman run, and podman pod create would previously refuse to mount devices when Podman was run as a non-root user and no permission to access the device was available; it will now mount these devices without checking permissions (#12704).
- host) (#11448).
- podman save command was not automatically removing signatures from saved images.
- podman run --rm to return an error that a given container did not exist when trying to remove it, despite it having been safely removed (#11775).
- podman ps to return an error if a container was removed while the command was running (#11810).
- podman play kube would result in errors (#11803).
- :z and :Z options would be relabelled every time a container was started, not just the first time.
- podman tag command on a manifest list could tag an image in the manifest, and not the manifest list itself.
- podman inspect (#13083).
- --userns=keep-id) could not have any ports forwarded to them.
- podman system connection ls command would not print any output (including headers) if no connections were present.
- --memory-swappiness option to podman create and podman run did not accept 0 as a valid value.
- containers.conf for Podman would sometimes not be applied (#12296).
- /etc/resolv.conf was a symlink to a directory (#12461).
- podman container restore could sometimes restore containers with a different OCI runtime than they had been using before they were checkpointed.
- --signature-policy option to be used (with no effect); --signature-policy is not supported by the remote client
(#12357).
- EXPOSE could not be run (#12293).
- :latest tag (#11964).
- --blkio-weight-device option to podman create and podman run was nonfunctional.
- podman generate systemd command did not support container entrypoints that were specified as JSON arrays (#12477).
- --hostname and --pod new: options, the hostname would be discarded; it is now set as the hostname of the created pod, which will be used by the container.
- podman network ls printed networks was not deterministic.
- podman kill command would sometimes not print the ID of containers that were killed.
- podman machine did not match their timezone to the host system (#11895).
- podman build command did not properly propagate non-0 exit codes from Buildah when builds failed.
- podman build command could fail to build images when the remote client was run on Windows and the Containerfile contained COPY instructions (#13119).
- --secret option to the podman build command was nonfunctional.
- podman build command would error if given a relative path to a Containerfile (#12841 and #12763).
- podman generate kube command would sometimes omit environment variables set in containers from generated YAML.
- userns=auto in containers.conf was not respected (#12615).
- podman run command would fail if the host machine did not have a /etc/hosts file (#12667).
- podman inspect reporting incorrect information (#12671).
- podman inspect command on containers was URL-encoding special characters in strings (e.g.
healthcheck commands).
- podman generate kube command would generate YAML including optional environment variables from secrets and configmaps that are not included (#12553).
- podman pod create command would ignore the default infra image specified in containers.conf (#12771).
- host.containers.internal entry in /etc/hosts was set incorrectly to an inaccessible host IP for macvlan networks (#11351).
- --userns=auto) (#12779).
- cgroupfs (#12802).
- --env option to podman create and podman run (#12056).
- podman stats command would not show network usage statistics on containers using slirp4netns for networking (#11695).
- /dev/shm mount in the container was not mounted with nosuid, noexec, and nodev mount options.
- --shm-size option to podman create and podman run interpreted human-readable sizes as KB instead of KiB, and GB instead of GiB (such that a kilobyte was interpreted as 1000 bytes, instead of 1024 bytes) (#13096).
- --share=cgroup option to podman pod create controlled whether the pod used a shared Cgroup parent, not whether the Cgroup namespace was shared (#12765).
- slirp4netns network mode was run inside a systemd unit file, systemd could kill the slirp4netns process, which is shared between all containers for a given user (thus causing all slirp4netns-mode containers for that user to be unable to connect to the internet) (#13153).
- podman network connect and podman network disconnect commands would not update /etc/resolv.conf in the container to add or remove the DNS servers of the networks that were connected or disconnected (#9603).
- noTrunc query parameter is now ignored as such (#11894).
- stream=true query parameter (#12115).
- Label and Labels in the provided JSON configuration (#12102).
- containers.conf (#12550).
- PODMAN_USERNS environment variable (#11350).
- HostConfig.StorageOpt field (#11016).
- Mounts field (#12734).
- sha256:.
- size field (#12468).
- quiet query parameter (#12566).
- aux JSON (which included the ID of built images) in returned output (#12063).
- Content-Type in its responses
(#13148).
- Died events for containers to die (previously, died was used; this was incompatible with Docker's output).
- exitCode field in Died events for containers.
- TimeNano field.
- podman top on a container made from a maliciously-crafted image and using a user namespace could allow for code execution in the host context.
- podman images command could, under some circumstances, take an excessive amount of time to list images (#11997).
- podman exec command would, under some circumstances, print a warning message about failing to move conmon to the appropriate cgroup (#12535).
- podman run --volume avolume:/a/mountpoint or similar) would be mounted with incorrect permissions (#12523).
- podman-remote create and podman-remote run commands did not properly handle the --entrypoint="" option (to clear the container's entrypoint) (#12521).
- podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777.
- --secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287).
- podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933).
- podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438).
- /etc/ as a symlink (#12189).
- podman logs -f command would, when using the journald logs backend, exit immediately if the container had previously been restarted (#12263).
- podman machine, the host.containers.internal name pointed to the VM, not the host system (#11642).
- podman play kube command in VMs managed by podman machine would not automatically forward ports from the host machine (#12248).
- podman machine init would fail on OS X when GNU Coreutils was installed (#12329).
- podman machine start would exit before SSH on the started VM was accepting connections (#11532).
- podman run command
with signal proxying (--sig-proxy) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086).
- podman stats command would not return correct information for containers running Systemd as PID1 (#12400).
- podman image save command would fail on OS X when writing the image to STDOUT (#12402).
- podman ps command did not properly handle PS arguments which contained whitespace (#12452).
- podman-remote wait command could fail to detect that the container exited and return an error under some circumstances (#12457).
- podman-remote would break the PATH environment variable by adding an extra " (#11416).
- ConfigMap YAML as part of its payload, and will use any provided ConfigMap to configure provided pods and services.
- HostConfig.Mounts field (#12419).
- layers query parameter (for caching intermediate layers from the build) (#12378).
- podman tag could not tag manifest lists (#12046).
- podman network reload command on containers using the slirp4netns network mode and the rootlessport port forwarding driver would make an unnecessary attempt to restart rootlessport on containers that did not forward ports.
- podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g.
empty SELinux and DNS configuration blocks, and the privileged flag when set to false) (#11995).
- podman pod rm command could, if interrupted at the right moment, leave a reference to an already-removed infra container behind (#12034).
- podman pod rm command would not remove pods with more than one container if all containers save for the infra container were stopped unless --force was specified (#11713).
- --memory flag to podman run and podman create did not accept a limit of 0 (which should specify unlimited memory) (#12002).
- podman build command could attempt to build a Dockerfile in the working directory of the podman system service instance instead of the Dockerfile specified by the user (#12054).
- podman logs --tail command could function improperly (printing more output than requested) when the journald log driver was used.
- slirp4netns network mode with IPv6 enabled would not have IPv6 connectivity until several seconds after they started (#11062).
- dbus-daemon process to be created (#9727).
- checkpointed field in podman inspect on a container was not set to false after a container was restored.
- podman system service command would print overly-verbose logs about request IDs (#12181).
- podman machine init could, under some circumstances, create invalid machine configurations which could not be started (#11824).
- podman machine list command would not properly populate some output fields.
- podman machine rm could leave dangling sockets from the removed machine (#11393).
- podman run --pids-limit=-1 was not supported (it now sets the PID limit in the container to unlimited) (#11782).
- podman run and podman attach could throw errors about a closed network connection when STDIN was closed by the client (#11856).
- podman stop command could fail when run on a container that had another podman stop command run on it previously.
- --sync flag to podman ps was nonfunctional.
- podman stats command would fail (#11909).
- podman play kube command did not properly handle environment variables whose values
contained an = (#11891).
- podman generate kube command could generate invalid annotations when run on containers with volumes that use SELinux relabelling (:z or :Z) (#11929).
- podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. user and group, entrypoint, default protocol for forwarded ports) (#11914, #11915, and #11965).
- podman generate kube command could, under some circumstances, generate YAML including an invalid targetPort field for forwarded ports (#11930).
- podman info command could, under some circumstances, not read available CGroup controllers (#11931).
- podman container checkpoint --export would fail to checkpoint any container created with --log-driver=none (#11974).
- podman create command's --init-ctr option.
- podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created.
- podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container.
- podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML.
- podman generate kube command now generates annotations for SELinux mount options on volume (:z and :Z) that are respected by the podman play kube command.
- podman pod logs, to return logs for all containers in a pod at the same time.
- podman volume export (to export a volume to a tar file) and podman volume import (to populate a volume from a given tar file).
- podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again.
- podman pod create command now supports the --userns option.
This allows rootless pods to be created with the --userns=keep-id option.
- podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp.
- podman image scp command has been added. This command allows images to be transferred between different hosts.
- podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed.
- podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified).
- podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation.
- podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited.
- podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265).
- podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use.
- podman machine init (amount of disk space, memory, CPUs) can now be set in containers.conf.
- podman machine ls command now shows additional information (CPUs, memory, disk size) about VMs managed by podman machine.
- podman ps command now includes healthcheck status in container state for containers that have healthchecks (#11527).
- podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so.
- file to journald. The file driver did not properly support log rotation, so this should lead to a better experience.
If journald is not available on the system, Podman will automatically revert to the file.
- ip for removing networks (#11403).
- --macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release.
- podman machine start command now prints a message when the VM is successfully started.
- podman stats command can now be used on containers that are paused.
- podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run).
- healthy line to the system log to reduce log spam.
- podman machine now default to only using the docker.io registry.
- containers.conf) would cause them to be parsed incorrectly.
- journald log driver could be skipped.
- podman commit did not include ports exposed by the container.
- podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171).
- --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352).
- rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path.
- --systemd option to podman create and podman run were case-sensitive (#11387).
- podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344).
- TMPDIR environment variable was not set (#11418).
- /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411).
- podman machine start command could print warnings about unsupported CPU features (#11421).
- podman info command could segfault when accessing cgroup information.
- podman logs -f command could hang when a container exited (#11461).
- podman generate systemd command could not be used on containers that specified a restart policy (#11438).
- podman build command would fail to build containers if the UID and GID on the client were higher than 65536
(#11474).
- podman build command would fail to build containers if the context directory was a symlink (#11732).
- --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified.
- podman inspect command could error when the container being inspected was removed as it was being inspected (#11392).
- podman play kube command ignored the default pod infra image specified in containers.conf.
- --format option to podman inspect was nonfunctional under some circumstances (#8785).
- podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496).
- podman stats command would print nonsensical results if the container restarted while it was running (#11469).
- podman run command could return 0 when the application in the container exited with 125 (#11540).
- --restart=always set using the rootlessport port-forwarding service could not be restarted automatically.
- --cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod.
- podman container runlabel command could fail if the image name given included a tag.
- 127.0.0.1 entry to /etc/hosts under some circumstances (#11596).
- podman untag command did not properly handle tags including a digest (#11557).
- --format option to podman ps did not properly support the table argument for tabular output.
- --filter option to podman ps did not properly handle filtering by healthcheck status (#11687).
- podman run and podman start --attach commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g.
by an external podman rm -f) (#11633).
- podman generate kube command would add default environment variables to generated YAML.
- podman generate kube command would add the default CMD from the image to generated YAML (#11672).
- podman rm --storage command could fail to remove containers under some circumstances (#11207).
- podman machine ssh command could fail when run on Linux (#11731).
- podman stop command would error when used on a container that was already stopped (#11740).
- podman rename command, then removing the pod using podman pod rm, could cause Podman to believe the new name of the container was permanently in use, despite the container being removed (#11750).
- quiet, which (when set to true) suppresses image pull progress reports (#10612).
- sha256: for improved Docker compatibility (#11623).
- Mounts field (#10831).
- filter, which allows returned results to be filtered.
- podman generate systemd could not clean up shut down containers when stopped by systemctl stop (#11304).
- podman machine commands would not properly locate the gvproxy binary in some circumstances.
- --pod-id-file option would not join the pod's network namespace (#11303).
- until filter to podman logs and podman events was improperly handled, requiring input to be negated (#11158).
- systemd-resolved for DNS would fail to start if resolved symlinked /etc/resolv.conf to an absolute path (#11358).
- podman machine will now automatically handle port forwarding - containers in podman machine VMs that publish ports via --publish or --publish-all will have these ports not just forwarded on the VM, but also on the host system.
- podman play kube command's --network option now accepts advanced network options (e.g.
--network slirp4netns:port_handler=slirp4netns) (#10807).
- podman play kube command now supports Kubernetes liveness probes, which will be created as Podman healthchecks.
- podman-restart.service, which, when enabled, will restart all containers that were started with --restart=always after the system reboots.
- rootless_networking option in containers.conf.
- image:tag@digest syntax (e.g. podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a) (#6721).
- podman container checkpoint and podman container restore commands can now be used to checkpoint containers that are in pods, and restore those containers into pods.
- podman container restore command now features a new option, --publish, to change the ports that are forwarded to a container that is being restored from an exported checkpoint.
- podman container checkpoint command now features a new option, --compress, to specify the compression algorithm that will be used on the generated checkpoint.
- podman pull command can now pull multiple images at once (e.g. podman pull fedora:34 ubi8:latest will pull both specified images).
- podman cp command can now copy files from one container into another directly (e.g. podman cp containera:/etc/hosts containerb:/etc/) (#7370).
- podman cp command now supports a new option, --archive, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container.
- podman stats command now provides two additional metrics: Average CPU, and CPU time.
- podman pod create command supports a new flag, --pid, to specify the PID namespace of the pod.
If specified, containers that join the pod will automatically share its PID namespace.
- podman pod create command supports a new flag, --infra-name, which allows the name of the pod's infra container to be set (#10794).
- podman auto-update command has had its output reformatted - it is now much clearer what images were pulled and what containers were updated.
- podman auto-update command now supports a new option, --dry-run, which reports what would be updated but does not actually perform the update (#9949).
- podman build command now supports a new option, --secret, to mount secrets into build containers.
- podman manifest remove command now has a new alias, podman manifest rm.
- podman login command now supports a new option, --verbose, to print detailed information about where the credentials entered were stored.
- podman events command now supports a new event, exec_died, which is produced when an exec session exits, and includes the exit code of the exec session.
- podman system connection add command now supports adding connections that connect using the tcp:// and unix:// URL schemes.
- podman system connection list command now supports a new flag, --format, to determine how the output is printed.
- podman volume prune and podman volume ls commands' --filter option now support a new filter, until, that matches volumes created before a certain time (#10579).
- podman ps --filter option's network filter now accepts a new value: container:, which matches containers that share a network namespace with a specific container (#10361).
- podman diff command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed (#10649).
- prepare_on_create option in containers.conf (#10262).
- --gpus, has been added to podman create and podman run as a no-op for better compatibility with Docker.
If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag.
- podman system reset command now removes non-Podman (e.g. Buildah and CRI-O) containers as well.
- podman machine requires gvproxy in order to function.
- install.cni makefile option has been removed. It is no longer required to distribute the default 87-podman.conflist CNI configuration file, as Podman will now automatically create it.
- --root option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using --storage-opt (#10393).
- podman system connection list is now deterministic, with connections being sorted alphabetically by their name.
- podman-auto-update.service) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once.
- podman generate systemd now depend on network-online.target by default (#10655).
- podman generate systemd now use Type=notify by default, instead of using PID files.
- podman info command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster.
- podman play kube command did not perform SELinux relabelling of volumes specified with a mountPath that included the :z or :Z options (#9371).
- podman play kube command would ignore the USER and EXPOSE directives in images (#9609).
- podman play kube command would only accept lowercase pull policies.
- :z or :Z options were not appropriately relabelled for access from the container (#10273).
- podman logs -f command, with the journald log driver, could sometimes fail to pick up the last line of output from a container (#10323).
- podman rm on a container created with the --rm option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed.
- LISTEN_PID and LISTEN_FDS environment variables were set, but LISTEN_FDNAMES was not
(#10435).
- -d and when the associated podman exec process was killed before completion.
- podman system service could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up.
- slirp4netns network mode would leave zombie processes that were not cleaned up until podman system service exited (#9777).
- podman system service command would leave zombie processes after its initial launch that were not cleaned up until it exited (#10575).
- podman machine could not be started after the host system restarted (#10824).
- podman pod ps command would not show headers for optional information (e.g. container names when the --ctr-names option was given).
- podman create and podman run commands would ignore timezone configuration from the server's containers.conf file (#11124).
- podman build command would only respect .containerignore and not .dockerignore files (when both are present, .containerignore will be preferred) (#10907).
- podman build command would fail to send the Dockerfile being built to the server when it was excluded by the .dockerignore file, resulting in an error (#9867).
- podman build command could unexpectedly stop streaming the output of the build (#10154).
- podman build command would fail to build when run on Windows (#11259).
- podman manifest create command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest).
- podman exec -i command would hang when input was provided via shell redirection (e.g.
podman --remote exec -i foo cat <<<"hello") (#7360).
- --rm were not immediately removed after being started by podman start if they failed to start (#10935).
- --storage-opt flag to podman create and podman run was nonfunctional (#10264).
- --device-cgroup-rule option to podman create and podman run was nonfunctional (#10302).
- --tls-verify option to podman manifest push was nonfunctional.
- podman import command could, in some circumstances, produce empty images (#10994).
- docker-daemon: transport had the wrong registry (localhost instead of docker.io/library) (#10998).
- podman image prune and podman system prune) would prune untagged images with children (#10832).
- podman network create did not properly auto-assign an IPv4 subnet when one was not explicitly specified (#11032).
- rootlessport port forwarder would break when a network was disconnected and then reconnected (#10052).
- --net=host would add an entry to /etc/hosts for the container's hostname pointing to 127.0.1.1 (#10319).
- podman unpause --all command would throw an error for every container that was not paused (#11098).
- since and until filters using Unix timestamps with a nanoseconds portion could not be parsed (#11131).
- podman info command would sometimes print the wrong path for the slirp4netns binary.
- podman network connect and podman network disconnect of rootless containers could sometimes break port forwarding to the container (#11248).
- NetworkMode parameter set to default (#10569).
- ContainerConfig field (#10795).
- Content-Type header, rejecting content that Docker would have accepted (#11022).
- until query parameter (#10859).
- platform, message, and repo query parameters.
- platform query parameter.
- podman build command with the --isolation chroot flag that results in environment variables from the host leaking into build containers.
- podman save would refuse to save images with an architecture different from that of the host (#10835).
- podman import command did not correctly handle images without tags (#10854).
- dnsname CNI plugin was in
use and the host system's /etc/resolv.conf was a symlink (#10855 and #10929).
- podman cp would, when given a directory as its source and a target that existed and was a file, copy the contents of the directory into the parent directory of the file; this now results in an error.
- podman logs command would, when following a running container's logs, not include the last line of output from the container when it exited when the k8s-file driver was in use (#10675).
- systemd-resolved was incorrectly detected as the system's DNS server (#10733).
- podman exec -t command would only resize the exec session's TTY after the session started, leading to a race condition where the terminal would initially not have a size set (#10560).
- slirp4netns network mode would add an incorrect entry to /etc/hosts pointing the container's hostname to the wrong IP address.
- uid and gid options to podman volume create -o (#10620).
- podman run command could panic when parsing the system's cgroup configuration (#10666).
- podman build -f - ...
command did not read a Containerfile from STDIN (#10621).
- podman container restore --import command would fail to restore checkpoints created from privileged containers (#10615).
- TMPDIR environment variable when pulling images (#10698).
- --format option.
- devices query parameter (#10614).
- make podman-remote-static target to build a statically-linked podman-remote binary was instead producing dynamic binaries (#10656).
- podman pull of the same image (instead of requiring they be removed first, then re-pulled).
- /usr/share/containers/seccomp.json (#10556).
- podman machine start command failed on OS X machines with the AMD64 architecture and certain QEMU versions (#10555).
- podman stats command would fail on Cgroups v1 systems when run on a container running systemd (#10602).
- podman container checkpoint did not function correctly.
- podman build command did not properly handle the -f option (#9871).
- podman run command would sometimes not resize the container's terminal before execution began (#9859).
- --filter option to the podman image prune command was nonfunctional.
- podman logs -f command would exit before all output for a container was printed when the k8s-file log driver was in use (#10596).
- podman network connect and podman network disconnect commands acted improperly when containers were in the Created state, marking the changes as done but not actually performing them.
- podman network connect, podman network disconnect, and podman network reload commands have been enabled for rootless Podman.
- podman machine, was added to assist in managing virtual machines containing a Podman server.
These are intended for easing the use of Podman on OS X by handling the creation of a Linux VM for running Podman.
- podman generate kube command can now be run on Podman named volumes (generating PersistentVolumeClaim YAML), in addition to pods and containers.
- podman play kube command now supports two new options, --ip and --mac, to set static IPs and MAC addresses for created pods (#8442 and #9731).
- podman play kube command's support for PersistentVolumeClaim YAML has been greatly improved.
- podman generate kube command now preserves the label used by podman auto-update to identify containers to update as a Kubernetes annotation, and the podman play kube command will convert this annotation back into a label. This allows podman auto-update to be used with containers created by podman play kube.
- podman play kube command now supports Kubernetes secretRef YAML (using the secrets support from podman secret) for environment variables.
- type=env option to the --secret flag to podman create and podman run.
- podman start command now supports the --all option, allowing all containers to be started simultaneously with a single command. The --filter option has also been added to filter which containers to start when --all is used.
- --filter option to podman ps and podman start now supports a new filter, restart-policy, to filter containers based on their restart policy.
- --group-add option to rootless podman run and podman create now accepts a new value, keep-groups, which instructs Podman to retain the supplemental groups of the user running Podman in the created container. This is only supported with the crun OCI runtime.
- podman run and podman create commands now support a new option, --timeout. This sets a maximum time the container is allowed to run, after which it is killed (#6412).
- podman run and podman create commands now support a new option, --pidfile.
This will create a file when the container is started containing the PID of the first process in the container.
- podman run and podman create commands now support a new option, --requires. The --requires option adds dependency containers - containers that must be running before the current container. Commands like podman start will automatically start the requirements of a container before starting the container itself.
- io.containers.autoupdate label set to local.
- /etc/hosts, host.containers.internal, pointing to the current gateway (which, for root containers, is usually a bridge interface on the host system) (#5651).
- podman ps, podman pod ps, podman network list, podman secret list, and podman volume list commands now support a --noheading option, which will cause Podman to omit the heading line including column names.
- podman unshare command now supports a new flag, --rootless-cni, to join the rootless network namespace. This allows commands to be run in the same network environment as rootless containers with CNI networking.
- --security-opt unmask= option to podman run and podman create now supports glob operations to unmask a group of paths at once (e.g. podman run --security-opt unmask=/proc/* ...
will unmask all paths in /proc in the container).
- podman network prune command now supports a --filter option to filter which networks will be pruned.
- :z and :Z mount options for volumes were ignored for privileged containers has been reverted after discussion in #10209.
- rootless-cni-infra container means that rootless CNI is now usable on all architectures, not just AMD64, and no longer requires pulling an image (#8709).
- podman auto-update command now prunes previous versions of images after updating if they are unused, to prevent disk exhaustion after repeated updates (#10190).
- podman play kube now treats environment variables configured as references to a ConfigMap as mandatory unless the optional parameter was set; this better matches the behavior of Kubernetes.
- --context=default flag from Docker as a no-op for compatibility purposes.
- CAP_SYS_ADMIN being available, it will run in a user namespace using the same code as rootless Podman (instead of failing outright).
- podman info command now includes the path of the Seccomp profile Podman is using, available cgroup controllers, and whether Podman is connected to a remote service or running containers locally.
- --rm option now automatically use the volatile storage flag when available for their root filesystems, causing them not to write changes to disk as often as they will be removed at completion anyways.
This should result in improved performance.
- podman generate systemd --new command will now include environment variables referenced by the container in generated unit files if the value would be looked up from the system environment.
- podman build command did not support the --arch, --platform, and --os options.
- podman build command ignored the --rm=false option (#9869).
- podman build --iidfile command could include extra output (in addition to just the image ID) in the image ID file written (#10233).
- podman build command did not preserve hardlinks when moving files into the container via COPY instructions (#9893).
- podman generate systemd --new command could generate extra --iidfile arguments if the container was already created with one.
- podman generate systemd --new command would generate unit files that did not include RequiresMountsFor lines (#10493).
- podman generate kube command produced incorrect YAML for containers which bind-mounted both / and /root from the host system into the container (#9764).
- podman play kube from YAML that specified ShareProcessNamespace would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) (#9128).
- podman network reload command could generate spurious error messages when iptables-nft was in use.
- podman ps command could fail with a no such container error due to a race condition with container removal (#10120).
- slirp4netns network mode and setting a custom slirp4netns subnet while using the rootlesskit port forwarder would not be able to forward ports (#9828).
- --filter ancestor= option to podman ps did not require an exact match of the image name/ID to include a container in its results.
- --filter until= option to podman image prune would prune images created after the specified time (instead of before).
- seccomp_profile option in containers.conf had no effect, and the default profile was used instead.
- --cgroup-parent option to podman create and podman run was ignored in rootless Podman on cgroups v2 systems with the
cgroupfs cgroup manager (#10173).
- IMAGE and NAME variables in podman container runlabel were not being correctly substituted (#10192).
- --restart=always) would lose networking after being restarted (#8047).
- podman cp command could not copy files into containers created with the --pid=host flag (#9985).
- podman events command could not be specified twice (if a filter is specified more than once, it will match if any of the given values match - logical or) (#10507).
- resolv.conf in containers without IPv6 connectivity (#10158).
- macvlan driver (#10283).
- IPAMConfig block (#10245).
- died instead of die) (#10168).
- podman rmi command could fail to remove corrupt images from storage.
- podman save command did not support the oci-dir and docker-dir formats (#9742).
- podman play kube created with a trailing / in the container path were not properly superseding named volumes from the image (#9618).
- trace as a valid argument to the --log-level command. Trace logging is now the most verbose level of logging available.
- :z and :Z options for volume mounts are now ignored when the container is privileged or is run with SELinux isolation disabled (--security-opt label=disable).
This better matches Docker's behavior in this case.
- podman image prune or podman system prune commands could cause Podman to panic.
- podman save command did not properly error when the --compress flag was used with incompatible format types.
- --security-opt and --ulimit options to the remote Podman client's podman build command were nonfunctional.
- --log-rusage option to the remote Podman client's podman build command was nonfunctional (#9489).
- podman build command could, in some circumstances, use the wrong OCI runtime (#9459).
- podman build command could return 0 despite failing (#10029).
- podman container runlabel command did not properly expand the IMAGE and NAME variables in the label (#9405).
- --rm argument (#9983).
- cgroupfs cgroup manager was in use.
- podman stats command could error when statistics tracked exceeded the maximum size of a 32-bit signed integer (#9979).
- --userns=keepid (without a --user flag in addition) would grant exec sessions run in them too many capabilities (#9919).
- --authfile option to podman build did not validate that the path given existed (#9572).
- --storage-opt option to Podman was appending to, instead of overriding (as is documented), the default storage options.
- podman system service connection did not function properly when run in a socket-activated systemd unit file as a non-root user.
- --network option to the podman play kube command of the remote Podman client was being ignored (#9698).
- --log-driver option to the podman play kube command was nonfunctional (#10015).
- podman secret create, podman secret inspect, podman secret ls and podman secret rm commands have been added to handle secrets, along with the --secret option to podman run and podman create to add secrets to containers.
The initial driver for secrets does not support encryption - this will be added in a future release.
- podman network prune, has been added (#8673).
- -v option to podman run and podman create now supports a new volume option, :U, to chown the volume's source directory on the host to match the UID and GID of the container and prevent permissions issues (#7778).
- podman network exists, podman volume exists, and podman manifest exists, have been added to check for the existence of networks, volumes, and manifest lists.
- podman cp command can now copy files into directories mounted as tmpfs in a running container.
- podman volume prune command will now list volumes that will be pruned when prompting the user whether to continue and perform the prune (#8913).
- podman build command now supports the --disable-compression, --excludes, and --jobs options.
- podman push command now supports the --format option.
- podman rm command now supports the --all and --ignore options.
- podman search command now supports the --no-trunc and --list-tags options.
- podman play kube command can now read in Kubernetes YAML from STDIN when - is specified as file name (podman play kube -), allowing input to be piped into the command for scripting (#8996).
- podman generate systemd command now supports a --no-header option, which disables creation of the header comment automatically added by Podman to generated unit files.
- podman generate kube command can now generate PersistentVolumeClaim YAML for Podman named volumes (#5788).
- podman generate kube command can now generate YAML files containing multiple resources (pods or deployments) (#9129).
- podman build command no longer allows the -v flag to be used.
Volumes are not yet supported with remote Podman when the client and service are on different machines.
- podman kill and podman stop commands now print the name given by the user for each container, instead of the full ID.
- --security-opt unmask=ALL or --security-opt unmask=/sys/fs/cgroup options to podman create or podman run are given, Podman will mount cgroups into the container as read-write, instead of read-only (#8441).
- podman rmi command has been changed to better handle cases where an image is incomplete or corrupted, which can be caused by interrupted image pulls.
- podman rename command has been improved to be more atomic, eliminating many race conditions that could potentially render a renamed container unusable.
- --trace option to podman has been turned into a no-op. It was used in very early versions for performance tracing, but has not been supported for some time.
- podman generate systemd command now generates RequiresMountsFor lines to ensure necessary storage directories are mounted before systemd starts Podman.
- --tty and --interactive are both passed, but STDIN is not a TTY.
This will be made into an error in the next major Podman release some time next year.
- podman network create with the --macvlan flag did not honor the --gateway, --subnet, and --opt options (#9167).
- podman generate kube command generated invalid YAML for privileged containers (#8897).
- podman generate kube command could not be used with containers that were not running.
- podman generate systemd command could duplicate some parameters to Podman in generated unit files (#9776).
- containers.conf to containers.
- no_hosts default in containers.conf when creating containers.
- --tail=0, --since, and --follow options to the podman logs command did not function properly when using the journald log backend.
- podman logs when the journald log backend was in use did not function correctly.
- podman run and podman create commands would panic if a memory limit was set, but the swap limit was set to unlimited (#9429).
- --network option to podman run, podman create, and podman pod create would error if the user attempted to specify CNI networks by ID, instead of name (#9451).
- podman stats command (#9252).
- podman cp did not properly handle cases where /dev/stdout was specified as the destination (it was treated identically to -) (#9362).
- podman cp command would create files with incorrect ownership (#9526).
- podman cp command did not properly handle cases where the destination directory did not exist.
- podman cp command did not properly evaluate symlinks when copying out of containers.
- podman rm -fa command would error when attempting to remove containers created with --rm (#9479).
- CapDrop field of the output of podman inspect on a container (#9490).
- podman network connect command could be used with containers that were not initially connected to a CNI bridge network (e.g.
containers created with --net=host) (#9496).
- dnsname CNI plugin were not being added to container's resolv.conf under some circumstances.
- --ignorefile option to podman build was nonfunctional (#9570).
- --timestamp option to podman build was nonfunctional (#9569).
- --iidfile option to podman build could cause Podman to panic if an error occurred during the build.
- --dns-search option to podman build was nonfunctional (#9574).
- --pull-never option to podman build was nonfunctional (#9573).
- --build-arg option to podman build would, when given a key but not a value, error (instead of attempting to look up the key as an environment variable) (#9571).
- --isolation option to podman build in the remote Podman client was nonfunctional.
- podman network disconnect command could cause errors when the container that had a network removed was stopped and its network was cleaned up (#9602).
- podman network rm command did not properly check what networks a container was present in, resulting in unexpected behavior if podman network connect or podman network disconnect had been used with the network (#9632).
- stopping state (#9615).
- podman load command could return 0 even in cases where an error occurred (#9672).
- --storage-opt option would override all storage options. Instead, storage options are now overridden only when the --storage-driver option is used to override the current graph driver (#9657).
- --privileged could request more capabilities than were available to Podman.
- podman commit did not use the TMPDIR environment variable to place temporary files created during the commit (#9825).
- CONFIG_USER_NS.
- podman volume create and then mounted into a container could be incorrect (#9608).
- --tz option to podman create and podman run did not properly validate its input.
- X-Registry-Auth header did not accept null as a valid value.
- /auth, has been added.
This endpoint validates credentials against a registry (#9564).
- []), when no networks were present (#9293).
- /libpod/network/$ID/json) now has an alias at /libpod/network/$ID (#9691).
- NanoCpus option (#9523).
- WARN level log messages have been downgraded to INFO or DEBUG to not clutter terminal output.
- Created field of podman ps --format=json was formatted as a string instead of a Unix timestamp (integer) (#9315).
- podman images command would cause the whole command to fail without printing output.
- --cgroups=split did not function properly on cgroups v1 systems.
- --entrypoint=[""] option to podman run and podman create as a literal empty string in the entrypoint, when instead it should have been ignored (#9377).
- HOME environment variable to "" when the container ran as a user without an assigned home directory (#9378).
- podman pod create to panic (#9374).
- --runtime option was not properly handled by the podman build command (#9365).
- podman generate systemd --new command would incorrectly escape %t when generating the path for the PID file (#9373).
- podman build command (including but not limited to --jobs) were nonfunctional (#9247).
- docker-java library.
- podman rename command, which allows containers to be renamed after they are created (#1925).
- podman copy command.
- podman network reload, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via firewall-cmd --reload).
- podman network ls and can be used when removing and inspecting networks.
Existing networks receive IDs automatically.
- --label option to network create, and podman network ls can filter labels based on them.
- podman network create command now supports setting bridge MTU and VLAN through the --opt option (#8454).
- podman container checkpoint and podman container restore commands can now checkpoint and restore containers that include volumes.
- podman container checkpoint command now supports the --with-previous and --pre-checkpoint options, and the podman container restore command now supports the --import-previous option. These add support for two-step checkpointing with lowered dump times.
- podman push command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails.
- podman generate kube command can now be run on multiple containers at once, and will generate a single pod containing all of them.
- podman generate kube and podman play kube commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML (#9132).
- podman generate kube command now properly supports generating YAML for containers and pods created using host networking (--net=host) (#9077).
- podman kill command now supports a --cidfile option to kill containers given a file containing the container's ID (#8443).
- podman pod create command now supports the --net=none option (#9165).
- podman volume create command can now specify volume UID and GID as options with the UID and GID fields passed to the --opt option.
- containers.conf and use them to create volumes with podman volume create --driver.
- podman run and podman create commands now support a new option, --platform, to specify the platform of the image to be used when creating the container.
- --security-opt option to podman run and podman create now supports the systempaths=unconfined option to unrestrict access to all paths in the container, as well as mask and unmask options to allow more granular restriction
of container paths.
- podman stats --format command now supports a new format specifier, MemUsageBytes, which prints the raw bytes of memory consumed by a container without human-readable formatting (#8945).
- podman ps command can now filter containers based on what pod they are joined to via the pod filter (#8512).
- podman pod ps command can now filter pods based on what networks they are joined to via the network filter.
- podman pod ps command can now print information on what networks a pod is joined to via the .Networks specifier to the --format option.
- podman system prune command now supports filtering what containers, pods, images, and volumes will be pruned.
- podman volume prune command now supports filtering what volumes will be pruned.
- podman system prune command now includes information on space reclaimed (#8658).
- podman info command will now properly print information about packages in use on Gentoo and Arch systems.
- containers.conf file now contains an option for disabling creation of a new kernel keyring on container creation (#8384).
- podman image sign command can now sign multi-arch images by producing a signature for each image in a given manifest list.
- podman image sign command, when run as rootless, now supports per-user registry configuration files in $HOME/.config/containers/registries.d.
- slirp4netns can now be set system-wide via the NetworkCmdOptions configuration option in containers.conf.
- slirp4netns can now be configured via the mtu= network command option (e.g. podman run --net slirp4netns:mtu=9000).
- 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.
- podman load command no longer accepts a NAME[:TAG] argument. The presence of this argument broke CLI compatibility with Docker by making docker load commands unusable with Podman (#7387).
- podman network create command can now create macvlan networks using the --driver macvlan option for Docker compatibility.
The existing --macvlan flag has been deprecated and will be removed in Podman 4.0 some time next year.
- podman inspect command has had the LogPath and LogTag fields moved into the LogConfig structure (from the root of the Inspect structure). The maximum size of the log file is also included.
- podman generate systemd command no longer generates unit files using the deprecated KillMode=none option (#8615).
- podman stop command now releases the container lock while waiting for it to stop - as such, commands like podman ps will no longer block until podman stop completes (#8501).
- podman network create --internal no longer use the dnsname plugin. This configuration never functioned as expected.
- podman run when an invalid SELinux is specified have been improved.
- containers.conf allowing for advanced configuration of the namespaces they will share.
- podman history --no-trunc command would truncate the Created By field (#9120).
- Networks field of the output of podman inspect (#6618).
- WORKDIR instruction) but not present in the image, would not be created (#9040).
- podman generate systemd command would generate invalid unit files if the container was created using a command line that included doubled braces ({{ and }}), e.g. --log-opt-tag={{.Name}} (#9034).
- podman generate systemd --new command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. podman run -dt) (#8847).
- podman generate systemd --new command could generate unit files that did not handle Podman commands including some special characters (e.g.
$) (#9176).
- Containerfile when sending build context to the server (#8374).
- /sys as a new sysfs in some circumstances where it was acceptable.
- podman play kube command did not properly handle CMD and ARGS from images (#8803).
- podman play kube command did not properly handle environment variables from images (#8608).
- podman play kube command did not properly print errors that occurred when starting containers.
- podman play kube command errored when hostNetwork was used (#8790).
- podman play kube command would always pull images when the :latest tag was specified, even if the image was available locally (#7838).
- podman play kube command did not properly handle SELinux configuration, rendering YAML with custom SELinux configuration unusable (#8710).
- podman generate kube command incorrectly populated the args and command fields of generated YAML (#9211).
- /etc/hosts file every time the container restarted (#8921).
- podman search --list-tags command did not support the --format option (#8740).
- http_proxy option in containers.conf was not being respected, and instead was set unconditionally to true (#8843).
- podman images command would break and fail to display any images if an empty manifest list was present in storage (#8931).
- --uidmap option that included a mapping beginning with UID 0.
- podman logs command using the k8s-file backend did not properly handle partial log lines with a length of 1 (#8879).
- podman logs command with the --follow option did not properly handle log rotation (#8733).
- HOSTNAME environment variables were overwritten by Podman (#8886).
- containers.conf in too many situations (e.g.
applying network sysctls when the container shared its network with a pod).
- --privileged option to podman run and podman create would, under some circumstances, not disable Seccomp (#8849).
- podman exec command did not properly add capabilities when the container or exec session were run with --privileged.
- --enable-sandbox option to slirp4netns unconditionally, even when pivot_root was disabled, rendering slirp4netns unusable when pivot_root was disabled (#8846).
- podman build --logfile did not actually write the build's log to the logfile.
- podman system service command did not close STDIN, and could display user-interactive prompts (#8700).
- podman system reset command could, under some circumstances, remove all the contents of the XDG_RUNTIME_DIR directory (#8680).
- podman network create command created CNI configurations that did not include a default gateway (#8748).
- podman.service systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started (#8751).
- TMPDIR environment variable was set for the container engine in containers.conf, it was being ignored.
- podman events command did not properly handle future times given to the --until option (#8694).
- podman logs command wrote container STDERR logs to STDOUT instead of STDERR (#8683).
- --cap-add=all and --user options to podman create and podman run were combined.
- --layers option to podman build was nonfunctional (#8643).
- podman system prune command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to podman system prune (#7990).
- --publish option to podman run and podman create did not properly handle ports specified as a range of ports with no host port specified (#8650).
- --format did not support JSON output for individual fields (#8444).
- podman stats command would fail when run on root containers using the slirp4netns network mode (#7883).
- podman stats command would fail if the
system did not support one or more of the cgroup controllers Podman supports (#8588).--mount option to podman create and podman run did not ignore the consistency mount option.podman network disconnect command could cause the podman inspect command to fail for a container until it was restarted (#9234).--rootfs option to podman create and podman run) would fail (#9230).--format option to multiple Podman commands did not support the join function (#8773).podman rmi command could, when run in parallel on multiple images, return layer not known errors (#6510).podman inspect command on containers displayed unlimited ulimits incorrectly (#9303).container:, correctly.containers.conf is now used).journald backend was in use, resulting in a leak of file descriptors (#8864).index out of range error under certain circumstances (#8870).--mount type=image) were handled in the database. As a result, containers created in Podman 2.2.0 with image volumes will not have them in v2.2.1, and these containers will need to be re-created.XDG_RUNTIME_DIR environment variable defined, use an incorrect path for the PID file of the Podman pause process, causing Podman to fail to start (#8539).podman system reset command would print a warning about a duplicate shutdown handler being registered.sysfs in circumstances where it was not allowed; some OCI runtimes (notably crun) would fall back to alternatives and not fail, but others (notably runc) would fail to run containers.podman run and podman create commands would fail to create containers from untagged images (#8558).podman exec command did not move the Conmon process for the exec session into the correct cgroup.ancestor option to podman ps --filter did not work correctly.--rm was set) if the Podman command that created them was invoked with --log-level=debug.Binds and Mounts parameters in HostConfig.Name query parameter.NetworkMode (this value is used extensively by docker-compose) (#8544).target query parameter as the image's 
tag.github.com/spf13/cobra package; this has been reverted to the latest upstream release to aid in packaging.CONTAINERS_SHORT_NAME_ALIASING to on. Documentation is available here.podman network connect and podman network disconnect commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify --network=none when they were created.podman run command now supports the --network-alias option to set network aliases (additional names the container can be accessed at from other containers via DNS if the dnsname CNI plugin is in use). Aliases can also be added and removed using the new podman network connect and podman network disconnect commands. Please note that this requires a new release (v1.1.0) of the dnsname plugin, and will only work on newly-created CNI networks.podman generate kube command now features support for exporting container's memory and CPU limits (#7855).podman play kube command now features support for setting CPU and Memory limits for containers (#7742).podman play kube command now supports persistent volumes claims using Podman named volumes.podman play kube command now supports Kubernetes configmaps via the --configmap option (#7567).podman play kube command now supports a --log-driver option to set the log driver for created containers.podman play kube command now supports a --start option, enabled by default, to start the pod after creating it. 
This allows for podman play kube to be more easily used in systemd unitfiles.podman network create command now supports the --ipv6 option to enable dual-stack IPv6 networking for created networks (#7302).podman inspect command can now inspect pods, networks, and volumes, in addition to containers and images (#6757).--mount option for podman run and podman create now supports a new type, image, to mount the contents of an image into the container at a given location.podman-remote executable have been added.--log-opt option for podman create and podman run now supports the max-size option to set the maximum size for a container's logs (#7434).--network option to the podman pod create command now allows pods to be configured to use slirp4netns networking, even when run as root (#6097).podman pod stop, podman pod pause, podman pod unpause, and podman pod kill commands now work on multiple containers in parallel and should be significantly faster.podman search command now supports a --list-tags option to list all available tags for a single image in a single repository.podman search command can now output JSON using the --format=json option.podman diff and podman mount commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers.podman container exists command now features a --external option to check if a container exists not just in Podman, but also in the storage library. 
This will allow Podman to identify Buildah and CRI-O containers.--tls-verify and --authfile options have been enabled for use with remote Podman./etc/hosts file now includes the container's name and hostname (both pointing to localhost) when the container is run with --net=none (#8095).podman events command now supports filtering events based on the labels of the container they occurred on using the --filter label=key=value option.podman volume ls command now supports filtering volumes based on their labels using the --filter label=key=value option.--volume and --mount options to podman run and podman create now support two new mount propagation options, unbindable and runbindable.name and id filters for podman pod ps now match based on a regular expression, instead of requiring an exact match.podman pod ps command now supports a new filter status, that matches pods in a certain state.podman network rm --force command will now also remove pods that are using the network (#7791).podman volume rm, podman network rm, and podman pod rm commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the --force option was not given./dev/fuse is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container.podman-remote (e.g. --cgroup-manager, --storage-driver).--storage option to podman rm is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the --storage option. If the container exists in Podman it will be removed normally. The --storage option for podman rm is now deprecated and will be removed in a future release.--storage option to podman ps has been renamed to --external. 
An alias has been added so the old form of the option will continue to work.podman save command now strips signatures from images it is exporting, as the formats we export to do not support signatures (#7659).Degraded state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be Degraded instead of Running.--publish and --net=host) are specified when creating a container.--restart on-failure and --rm options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly (#7906).containers.conf; defaults will instead be provided by the server's containers.conf (#7657).podman network rm command now has a new alias, podman network remove (#8402).podman load on the remote client did not error when attempting to load a directory, which is not yet supported for remote use.newuidmap binary was not installed (#7776).--pull option to podman run, podman create, and podman build did not match Docker's behavior.containers.conf configuration file were applied, even if the container did not join the namespace associated with a sysctl.containers environment variable in addition to the expected container environment variable.podman untag --all command was not supported with remote Podman.podman system service command could time out even if active attach connections were present (#7826).podman system service command would sometimes never time out despite no active connections being present.podman run would fail if the image specified was a manifest list and had already been pulled (#7798).podman manifest inspect command would fail for images that had already been pulled (#7726).--user option to podman create and podman run and sufficient GIDs were available to add the groups (#7782).podman image prune could leave images ready to be pruned after podman image prune was run (#7872).podman logs command with the journald log driver 
would not read all available logs (#7476).--rm and --restart options to podman create and podman run did not conflict when a restart policy that is not on-failure was chosen (#7878).--format "table {{ .Field }}" option to numerous Podman commands ceased to function on Podman v2.0 and up.--namespace option to podman ps did not work with the remote client (#7903)./etc/hosts file would not be correctly populated for containers in a user namespace (#7490).podman network create and podman network remove commands could race when run in parallel, with unpredictable results (#7807).-p option to podman run, podman create, and podman pod create would, when given only a single number (e.g. -p 80), assign the same port for both host and container, instead of generating a random host port (#7947).containers.conf or with the --cgroup-manager option (#7830).podman inspect command did not include information on the CNI networks a container was connected to if it was not running.podman attach command would not print a newline after detaching from the container (#7751).HOME environment variable was not set properly in containers when the --userns=keep-id option was set (#8004).podman container restore command could panic when the container in question was in a pod (#8026).podman image trust show --raw command was not properly formatted.podman runlabel command could panic if a label to run was not given (#8038).podman run and podman start --attach commands would exit with an error when the user detached manually using the detach keys on remote Podman (#7979).dnsname CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking (#8040).$PATH on subsequent invocations.--net=host option to podman create and podman run would cause the /etc/hosts file to be incorrectly populated (#8054).podman inspect command did not include container network information when the container shared its network namespace (IE, joined a pod or 
another container's network namespace via --net=container:...) (#8073).podman ps command did not include information on all ports a container was publishing.podman build command incorrectly forwarded STDIN into build containers from RUN instructions.podman wait command's --interval option did not work when units were not specified for the duration (#8088).--detach-keys and --detach options could be passed to podman create despite having no effect (and not making sense in that context)./etc/resolv.conf file (which occurs on some WSL2 images) (#8089).--extract option to podman cp was nonfunctional.--cidfile option to podman run would, when the container was not run with --detach, only create the file after the container exited (#8091).podman images and podman images -a commands could panic and not list any images when certain improperly-formatted images were present in storage (#8148).podman events command could, when the journald events backend was in use, become nonfunctional when a badly-formatted event or a log message that contained a certain string was present in the journal (#8125).podman attach command would not exit when containers stopped (#8154)./ characters (#8160).known_hosts file on the host for establishing connections (#8159).podman image exists command would return non-zero (false) when multiple potential matches for the given name existed.podman manifest inspect command on images that are not manifest lists would error instead of inspecting the image (#8023).podman system service command would fail if the directory the Unix socket was to be created inside did not exist (#8184)./dev/shm filesystem between all containers in the pod (#8181).podman volume list were not inclusive (#6765).podman volume create command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) (#8253).podman run and podman create commands would deadlock when trying to create a container that mounted the same named
volume at multiple locations (e.g. podman run -v testvol:/test1 -v testvol:/test2) (#8221).--net option to podman build was incorrect (#8322).podman build command would print the ID of the built image twice when using remote Podman (#8332).podman stats command did not show memory limits for containers (#8265).podman pod inspect command printed the static MAC address of the pod in a non-human-readable format (#8386).--tls-verify option of the podman play kube command had its logic inverted (false would enforce the use of TLS, true would disable it).podman network rm command would error when trying to remove macvlan networks and rootless CNI networks (#8491).XDG_ environment variables.podman manifest create and podman manifest add commands on local images would drop any images in the manifest not pulled by the host.podman network create did not include the tuning plugin, and as such did not support setting custom MAC addresses (#8385).$PATH when searching for the Podman executable to run the healthcheck.--ip-range option to podman network create did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment (#8448).podman container ps alias for podman ps was missing (#8445).GET /images/get, has been added (#7950).X-Registry-Config header to specify registry authentication configuration.httpproxy query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for RUN instructions.Libpod-Buildha-Version instead of Libpod-Buildah-Version).CAP_ (Docker does not do so).driver parameter if it was not provided by the client.RootFS, VirtualSize, ParentId, Architecture, Os, and OsVersion fields of the response.ParentId field if the image had no parent, and the Created field if the image did not have a creation time.Force query parameter.podman info command now includes the cgroup manager Podman is using.varlink build tag enabled.podman save command could, when asked to save multiple images, 
write its progress bar to the archive instead of the terminal, producing a corrupted archive.json-file log driver did not write logs.podman-remote start --attach did not properly handle detaching using the detach keys.podman pod ps --filter label=... did not work.podman build command did not respect the --runtime flag.podman image mount, has been added. This allows for an image to be mounted, read-only, to inspect its contents without creating a container from it (#1433).podman save and podman load commands can now create and load archives containing multiple images (#2669).podman network commands, and rootless containers can now be joined to networks.podman build on ADD and COPY instructions has been greatly improved, especially when a .dockerignore is present.podman run and podman create commands now support a new mode for the --cgroups option, --cgroups=split. Podman will create two cgroups under the cgroup it was launched in, one for the container and one for Conmon. This mode is useful for running Podman in a systemd unit, as it ensures that all processes are retained in systemd's cgroup hierarchy (#6400).podman run and podman create commands can now specify options to slirp4netns by using the --network option as follows: --net slirp4netns:opt1,opt2. This allows for, among other things, switching the port forwarder used by slirp4netns away from rootlessport.podman ps command now features a new option, --storage, to show containers from Buildah, CRI-O and other applications.podman run and podman create commands now feature a --sdnotify option to control the behavior of systemd's sdnotify with containers, enabling improved support for Podman in Type=notify units.podman run command now features a --preserve-fds option to pass file descriptors from the host into the container (#6458).podman run and podman create commands can now create overlay volume mounts, by adding the :O option to a bind mount (e.g. -v /test:/test:O). 
Overlay volume mounts will mount a directory into a container from the host and allow changes to it, but not write those changes back to the directory on the host.podman play kube command now supports the Socket HostPath type (#7112).podman play kube command now supports read-only mounts.podman play kube command now supports setting labels on pods from Kubernetes metadata labels.podman play kube command now supports setting container restart policy (#7656).podman play kube command now properly handles HostAlias entries.podman generate kube command now adds entries to /etc/hosts from --host-add generated YAML as HostAlias entries.podman play kube and podman generate kube commands now properly support shareProcessNamespace to share the PID namespace in pods.podman volume ls command now supports the dangling filter to identify volumes that are dangling (not attached to any container).podman run and podman create commands now feature a --umask option to set the umask of the created container.podman create and podman run commands now feature a --tz option to set the timezone within the container (#5128).containers.conf configuration file.--mount option of podman run and podman create now supports a new mount type, type=devpts, to add a devpts mount to the container. 
This is useful for containers that want to mount /dev/ from the host into the container, but still create a terminal.--security-opt flag to podman run and podman create now supports a new option, proc-opts, to specify options for the container's /proc filesystem.crun OCI runtime now supports a new option to podman run and podman create, --cgroup-conf, which allows for advanced configuration of cgroups on cgroups v2 systems.podman create and podman run commands now support a --override-variant option, to override the architecture variant of the image that will be pulled and run.--runtime-flags, which allows for setting flags to use when the OCI runtime is called.podman manifest add command now supports the --cert-dir, --auth-file, --creds, and --tls-verify options.podman exec command would previously print error messages (e.g. exec session exited with non-zero exit code -1) when the command run exited with a non-0 exit code. It no longer does this. The podman exec command will still exit with the same exit code as the command run in the container did./run.
This was previously limited to 65k in size and mounted noexec, but is now unlimited size and mounted exec.podman system reset command no longer removes configuration files for rootless Podman./etc/hosts for a container if it joined another container's network namespace (#66782).podman save --format oci-dir saved the image in an incorrect format (#6544).--format option of podman system df was not properly interpreting format codes that included backslashes (#7149).newuidmap and newgidmap, even if /etc/subuid and /etc/subgid contained valid mappings for the user running Podman.podman commit command did not properly handle single-character image names (#7114).podman ps --format=json did not include a Status field (#6980).--log-level option was no longer case-insensitive.podman images could segfault when an image pull was aborted while incomplete, leaving an image without a manifest (#7444).~/.config directory when it did not exist, despite not placing any configuration files inside the directory.podman system df was inconsistent based on whether the -v option was specified (#7405).--security-opt apparmor=unconfined would error if Apparmor was not enabled on the system (#7545).podman stop on multiple containers starting with --rm could sometimes cause no such container errors (#7384).podman-remote would still try to contact the server when displaying help information about subcommands.podman build --logfile command would segfault.podman generate systemd command did not properly handle containers which were created with a name given as --name=$NAME instead of --name $NAME (#7157).podman ps was ignoring the --latest flag.podman-remote kill command would hang when a signal that did not kill the container was specified (#7135).--oom-score-adj option of podman run and podman create was nonfunctional.--display option of podman runlabel was nonfunctional.podman runlabel command would not pull images that did not exist locally on the system.podman-remote run would not exit 
with the correct code when the container was removed by a podman-remote rm -f while podman-remote run was still running (#7117).podman-remote run --rm command would error attempting to remove containers that had already been removed (e.g. by podman-remote rm --force) (#7340).podman --user with a numeric user and podman run --userns=keepid could create users in /etc/passwd in the container that belong to groups without a corresponding entry in /etc/group (#7389).podman run --userns=keepid could create entries in /etc/passwd with a UID that was already in use by another user (#7503).podman --user with a numeric user and podman run --userns=keepid could create users that could not be logged into (#7499).--userns container:$ID would fail (#7547).podman play kube command would trim underscores from container names (#7020).podman attach command would not show output when attaching to a container with a terminal (#6523).podman system df command could be extremely slow when large quantities of images were present (#7406).podman images -a would break if any image pulled by digest was present in the store (#7651).--mount option to podman run and podman create required the type= parameter to be passed first (#7628).--infra-command parameter to podman pod create was nonfunctional.podman auto-update would fail for any container started with --pull=always (#7407).podman wait command would only accept a single argument.--volumes-from option to podman run and podman create was broken, making it impossible to use multiple mount options at the same time (#7701).podman exec command would not join executed processes to the container's supplemental groups if the container was started with both the --user and --group-add options.--iidfile option to podman-remote build was nonfunctional.last parameter to the Libpod container list endpoint now has an alias, limit (#6413).filter query parameter (#6797).noTrunc option to the Libpod image search endpoint./etc/passwd could be re-created every
time a container is restarted if the container's /etc/passwd did not contain an entry for the user the container was started as./etc/passwd file specifying a non-root user would not start.--remote flag would sometimes not make remote connections and would instead attempt to run Podman locally./etc/passwd for the user who ran Podman if run with --userns=keep-id.podman system connection command has been reworked to support multiple connections, and re-enabled for use!--connection, to specify a connection to a remote Podman API instance.--systemd=true flag, set by default) will now activate for containers using /usr/local/sbin/init as their command, instead of just /usr/sbin/init and /sbin/init (and any path ending in systemd).--security-opt seccomp=... flag to podman create and podman run will now be honored even if the container was created using --privileged.podman play kube would not honor the hostIP field for port forwarding (#5964).podman generate systemd command would panic on an invalid restart policy being specified (#7271).podman images command could take a very long time (several minutes) to complete when a large number of images were present.podman logs command with the --tail flag would not work properly when a large amount of output would be printed (#7230).podman exec command with remote Podman would not return a non-zero exit code when the exec session failed to start (e.g. 
invoking a nonexistent command) (#6893).podman load command with remote Podman did not honor user-specified tags (#7124).podman system service command, when run as a non-root user by Systemd, did not properly handle the Podman pause process and would not restart properly as a result (#7180).--publish flag to podman create, podman run, and podman pod create did not properly handle a host IP of 0.0.0.0 (attempting to bind to literal 0.0.0.0, instead of all IPs on the system) (#7104).podman start --attach command would not print the container's exit code when the command exited due to the container exiting.podman rm command with remote Podman would not remove volumes, even if the --volumes flag was specified (#7128).podman run command with remote Podman and the --rm flag could exit before the container was fully removed.--pod new:... flag to podman run and podman create would create a pod that did not share any namespaces.--preserve-fds flag to podman run and podman exec could close the wrong file descriptors while trying to close user-provided descriptors after passing them into the container.$PATH and $TERM) were not set in containers when not provided by the image.podman network create with an IPv6 subnet did not properly set an IPv6 default route.podman save command would not work properly when its output was piped to another command (#7017)./sys/fs/cgroup/systemd to the host.podman build would not generate an event on completion (#7022).podman history command with remote Podman printed incorrect creation times for layers (#7122).CMD from the container image if the user overrode ENTRYPOINT (#7115).podman images command with remote Podman did not support printing image tags in Go templates supplied to the --format flag (#7123).podman rmi --force command would not attempt to unmount containers it was removing, which could cause a failure to remove the image.podman generate systemd --new command could incorrectly quote arguments to Podman that contained
whitespace, leading to nonfunctional unit files (#7285).podman version command did not properly include build time and Git commit.systemd cgroup manager would fail (#6734).--cap-add were not properly added when a container was started as a non-root user via --user.application/tar content type (instead only accepting application/x-tar) (#7185)._ping endpoint (e.g. http://localhost/v1.40/_ping).podman system service shut down due to its idle timeout (#7294).Pod URL parameter to the Libpod Container List endpoint has been deprecated; the information previously gated by the Pod boolean will now be included in the response unconditionally.podman image search did not populate the Description field as it was mistakenly assigned to the ID field.podman build - and podman build on an HTTP target would fail.podman start --attach --interactive command would print the container ID of the container attached to when exiting (#7068).podman run --ipc=host --pid=host would only set --pid=host and not --ipc=host (#7100).--publish argument to podman run, podman create and podman pod create would not allow binding the same container port to more than one host port (#7062).podman images --format could cause Podman to segfault.podman rmi --force on an image ID with more than one name and at least one container using the image would not completely remove containers using the image (#7153).podman stats --format=json.CgroupVersion field in responses from the compat Info endpoint was prefixed by "v" (instead of just being "1" or "2", as is documented).podman search command now allows wildcards in search terms.podman play kube command now supports the IfNotPresent pull type.--disable-content-trust flag has been added to Podman for Docker compatibility. 
This is a Docker-specific option and has no effect in Podman; it is provided only to ensure command line compatibility for scripts (#7034)./sys/dev folder is now masked in containers to prevent a potential information leak from the host.podman play kube (#6995).--pids-limit flag to podman create and podman run was parsed incorrectly and was unusable (#6908).podman system df command would error if untagged images were present (#7015).podman images command would display incorrect tags if a port number was included in the repository.podman pod inspect.--systemd=true flag) would not flag a container for systemd mode if systemd was part of the entrypoint, not the command (#6920).podman start --attach was not defaulting --sig-proxy to true (#6928).podman inspect would show an incorrect command (podman system service, the command used to start the server) for containers created by a remote Podman client.podman exec command with the remote client would not print output if the -t or -i flags were not provided.--format {{ json . }} to podman info (involving added or removed whitespace) would not be accepted (#6927).--entrypoint="", it would be reset to the image's entrypoint) (#6935).podman system connection command has been temporarily disabled, as it was not functioning as expected.podman ps command would not truncate long container commands, resulting in display issues as the column could become extremely wide (the --no-trunc flag can be used to print the full command).podman pod commands operating on multiple containers (e.g.
podman pod stop and podman pod kill) would not print errors from individual containers, but only a warning that some containers had failed.podman system service command would panic if a connection to the Events endpoint hung up early (#6805).--user directive.TMPDIR environment variable (used for storing temporary files while pulling images) was not being defaulted (if unset) to /var/tmp.--publish flag to podman create and podman run required that a host port be specified if an IP address was given (#6806).podman-remote commands performing an attach (podman run, podman attach, podman start --attach, podman exec) did not properly configure the terminal on Windows.--remote flag to Podman required an argument, despite being a boolean (#6704).podman generate systemd --new command could generate incorrect unit files for a pod if a container in the pod was created using the --pod=... flag (with an =, instead of a space, before the pod ID) (#6766).NPROC and NOFILE rlimits could be improperly set for rootless Podman containers, causing them to fail to start.podman mount as rootless did not error (the podman mount command cannot be run rootless unless it is run inside a podman unshare shell).podman system connection command was mistakenly omitted from the 2.0 release, and has been included here.podman ps --format=json command once again includes container's creation time in a human-readable format in the CreatedAt key.podman inspect commands on containers now displays forwarded ports in a format compatible with docker inspect.--log-level=debug flag to podman run and podman exec will enable syslog for exit commands, ensuring that debug logs are collected for these otherwise-unlogged commands.podman build did not properly handle the --http-proxy and --cgroup-manager flags./etc/subuid or /etc/subgid file were very unclear (#6572).podman logs --follow command would not stop when the container being followed exited.--privileged flag had mistakenly been marked as conflicting with 
--group-add and --security-opt.PODMAN_USERNS environment variable was not being honored (#6705).podman image load command would require one argument be passed, when no arguments is also valid (#6718).podman network command and its subcommands.podman-remote and podman --remote commands.podman untag command was not erroring when no matching image was found.podman ps command was not showing port mappings for containers which share a network namespace with another container (e.g. are part of a pod).--remote flag could unintentionally be forwarded into containers when using podman-remote.podman generate systemd would not allow individual containers to be restarted (#6770).podman run and podman create commands did not support all transports that podman pull does (#6744).label option to --security-opt would only be shown once in podman inspect, even if provided multiple times./json.podman system service are no longer experimental, and ready for use!--remote flag.podman system connection command has been added to allow configuring the endpoint that podman-remote and podman --remote will connect to.podman generate systemd command now supports the --new flag when used with pods, allowing portable services for pods to be created.podman play kube command now supports running Kubernetes Deployment YAML.podman exec command now supports the --detach flag to run commands in the container in the background.-p flag to podman run and podman create now supports forwarding ports to IPv6 addresses.podman run, podman create and podman pod create command now support a --replace flag to remove and replace any existing container (or, for pod create, pod) with the same name--restart-policy flag to podman run and podman create now supports the unless-stopped restart policy.--log-driver flag to podman run and podman create now supports the none driver, which does not log the container's output.--mount flag to podman run and podman create now accepts readonly option as an alias to ro.podman 
generate systemd command now supports the --container-prefix, --pod-prefix, and --separator arguments to control the name of generated unit files.
podman network ls command now supports the --filter flag to filter results.
podman auto-update command now supports specifying an authfile to use when pulling new images on a per-container basis using the io.containers.autoupdate.authfile label.
podman varlink command, is deprecated and will be removed in the next release.
podman ps, podman images most notably) has changed.
tmpfs filesystems added to containers are no longer mounted noexec by default.
podman exec command would log to journald when run in containers logged to journald (#6555).
podman auto-update command would not preserve the OS and architecture of the original image when pulling a replacement (#6613).
podman cp command could create an extra merged directory when copying into an existing directory (#6596).
podman pod stats command would crash on pods run with --network=host (#5652).
podman network inspect and podman network rm commands did not properly handle non-default CNI configuration paths (#6212).
podman inspect would sometimes incorrectly report the network mode of containers started with --net=none.
conmon is killed before the container it is monitoring.
HairpinMode to allow communication between containers by connecting to a forwarded port on the host.
noexec for improved compatibility with Docker
podman save would fail when the target image was specified by digest (#5234)
--http-proxy flag could not be overridden by --env or --env-file (#6017)
libpod.conf, instead defaulting to containers.conf.
The default libpod.conf will remain available in the GitHub repository until the release of Podman 2.0
--log-path and multiple container logs were placed in the same directory (#5915)
libpod.conf, print numerous warning messages about an invalid CGroup manager config
podman run --userns=auto, which automatically allocates a unique UID and GID range for the new container's user namespace
podman play kube command now has a --network flag to place the created pod in one or more CNI networks
podman commit command now supports an --iidfile flag to write the ID of the committed image to a file
containers.conf configuration file has been added. containers.conf allows for much more detailed configuration of some Podman functionality
podman info command resulting in breaking changes. Many fields have been renamed to better suit usage with APIv2
--timeout flag have been switched to prefer the alternative --time. The --timeout flag will continue to work, but man pages and --help will use the --time flag instead
$PATH to Conmon and the OCI runtime, causing issues for some OCI runtimes that required it
podman play kube would not properly handle container-only port mappings (#5610)
podman container prune command was not pruning containers in the created and configured states
--security-opt was not given at the command line
Changes, Checkpoint, Init, and Restore
podman system service command would time out and exit while there were still active connections
k8s.gcr.io/pause:3.2 (from 3.1) to address a bug in the architecture metadata for non-AMD64 images
slirp4netns networking utility in rootless Podman now uses Seccomp filtering where available for improved security
podman generate systemd --new would not force containers to detach, causing the unit to time out when trying to start
podman system reset could delete important system directories if run as rootless on installations created by older Podman (#4831)
podman build would not properly set the OS and Architecture they were built with
(#5503)
podman run with --sig-proxy enabled (the default), when built with Go 1.14, would repeatedly send signal 23 to the process in the container and could generate errors when the container stopped (#5483)
podman run commands could hang when forwarding ports
/proc was mounted with the hidepid option set
podman system service command would use large amounts of CPU when --timeout was set to 0 (#5531)
podman create and podman run
podman pod create to enable customization of pod networks, including --add-host, --dns, --dns-opt, --dns-search, --ip, --mac-address, --network, and --no-hosts
podman ps --format=json command now includes the ID of the image containers were created with
podman run and podman create commands now feature an --rmi flag to remove the image the container was using after it exits (if no other containers are using said image) (#4628)
podman create and podman run commands now support the --device-cgroup-rule flag (#4876)
podman create and podman run commands now feature a --no-healthcheck flag to disable healthchecks for a container (#5299)
io.containers.capabilities label, which specifies a list of capabilities required by the image to run. These capabilities will be used as long as they are more restrictive than the default capabilities used
podman generate kube command now includes SELinux configuration passed into the container via --security-opt label=...
(#4950)
resolv.conf (#5256)
/ characters in image volume definitions could cause them to not be overridden by a user-specified mount at the same location (#5219)
label option in libpod.conf, used to disable SELinux by default, was not being respected (#5087)
podman login and podman logout commands required the registry to log into be specified (#5146)
--detach-keys="" would not disable detaching from a container (#5166)
podman ps command was too aggressive when filtering containers and would force --all on in too many situations
podman play kube command was ignoring image configuration, including volumes, working directory, labels, and stop signal (#5174)
Created and CreatedTime fields in podman images --format=json were misnamed, which also broke Go template output for those fields (#5110)
podman pull could fail to parse registry names including port numbers
podman build -f would not list available files that could be built (#3878)
podman commit --change would perform incorrect validation, resulting in valid changes being rejected (#5148)
podman logs --tail could take large amounts of memory when the log file for a container was large (#5131)
firewalld
podman inspect command would not display network information for containers properly if a container joined multiple CNI networks (#4907)
--uts flag to podman create and podman run would only allow specifying containers by full ID (#5289)
podman port command was incorrectly interpreting additional arguments as container names, instead of port numbers
podman generate systemd did not depend on network targets, and so could start before the system network was ready (#4130)
--group-add
$TMPDIR environment variable for placing large temporary files during some operations (e.g.
podman pull) (#5411)
create and logs endpoints for containers has been added
/swagger/ endpoint to serve API documentation
json endpoint for containers has received many fixes
stats endpoint for containers has seen major fixes and now provides accurate output
Created field to podman images --format=json has been renamed to CreatedSince as part of the fix for (#5110). Go templates using the old name should still work
CreatedTime field to podman images --format=json has been renamed to CreatedAt as part of the fix for (#5110). Go templates using the old name should still work
before filter to podman images has been renamed to since for Docker compatibility. Using before will still work, but documentation has been changed to use the new since filter
--password flag to podman login now warns that passwords are being passed in plaintext
podman system renumber must be run to resolve the deadlock
podman system service command has been added, providing a preview of Podman's new Docker-compatible API. This API is still very new, and not yet ready for production use, but is available for early testing
podman untag command has been added to remove tags from images without deleting them
podman inspect command on images now displays previous names they used
podman generate systemd command now supports a --new option to generate service files that create and run new containers instead of managing existing containers
--log-opt tag= to set logging tags has been added to the journald log driver
podman run and podman create via the new --seccomp-policy CLI flag (#4806)
podman play kube command now honors pull policy (#4880)
podman cp command would not copy the contents of directories when paths ending in /.
were given (#4717)
podman play kube command did not properly locate Seccomp profiles specified relative to localhost (#4555)
podman info command for remote Podman did not show registry information (#4793)
podman exec command did not support having input piped into it (#3302)
podman cp command with rootless Podman on CGroups v2 systems did not properly determine if the container could be paused while copying (#4813)
podman container prune --force command could possibly remove running containers if they were started while the command was running (#4844)
slirp4netns networking when requested (#4853)
podman run --userns=keep-id did not work when the user had a UID over 65535 (#4838)
podman run and podman create with the --userns=keep-id option could change permissions on /run/user/$UID and break KDE (#4846)
podman inspect would show CPUShares as 0, instead of the default (1024), when it was not explicitly set (#4822)
podman-remote push would segfault (#4706)
podman inspect (#4799)
--rm flag was given, even if they were given names (#5009)
podman history was not computing image sizes correctly (#4916)
--sort flag to podman images
podman commit was mandatory, not optional as it should be (#5027)
" to %PATH (#4335)
podman build command would sometimes ignore the -f option and build the wrong Containerfile
podman ps --filter command would only filter running containers, instead of all containers, if --all was not passed (#5050)
podman load command on compressed images would leave an extra copy on disk
podman restart command would not properly clean up the network, causing it to function differently from podman stop; podman start (#5051)
--memory-swap flag to podman create and podman run to -1 (to indicate unlimited) was not supported (#5091)
macvlan networks with podman network create, allowing Podman containers to be attached directly to networks the host is connected to
podman image prune and podman container prune commands now support the --filter flag to filter what will be pruned, and now
prompts for confirmation when run without --force (#4410 and #4411)
podman system reset command to remove all Podman files and perform a factory reset of the Podman installation
--history flag to podman images to display previous names used by images (#4566)
--ignore flag to podman rm and podman stop to not error when requested containers no longer exist
--cidfile flag to podman rm and podman stop to read the IDs of containers to be removed or stopped from a file
podman play kube command now honors Seccomp annotations (#3111)
podman play kube command now honors RunAsUser, RunAsGroup, and selinuxOptions
podman version command has been changed to better match docker version when using the --format flag
tmpcopyup and notmpcopyup options to the --tmpfs and --mount type=tmpfs flags to podman create and podman run to control whether the content of directories are copied into tmpfs filesystems mounted over them
--detach-keys=""
podman build command now supports the --pull and --pull-never flags to control when images are pulled during a build
podman ps -p command now shows the name of the pod as well as its ID (#4703)
podman inspect command on containers will now display the command used to create the container
podman info command now displays information on registry mirrors (#4553)
--change flag to podman import and podman commit was not being parsed properly in many cases
libpod.conf were not used by the podman attach and podman exec commands, which always used the global default ctrl-p,ctrl-q key combination (#4556)
podman pod stats even on CGroups v2 enabled systems (#4634)
renameat2 syscall (#4570)
--net container=B and container B using --net container=C) would not properly mount /etc/hosts and /etc/resolv.conf into the container (#4626)
podman run with the --rm flag and without -d could, when run in the background, throw a 'container does not exist' error when attempting to remove the container after it exited
podman rm --storage command to complete removal (#3906)
--rm was allowed
when --export was not specified (the container, and checkpoint, would be removed after checkpointing was complete by --rm) (#3774)
podman pod prune command would fail if containers were present in the pods and the --force flag was not passed (#4346)
podman system renumber would always throw an error if a container was mounted when it was run
podman container restore would fail with containers using a user namespace
podman history would sometimes not properly identify the IDs of layers in an image (#3359)
--authfile existed (#4328)
podman images --digest would not always print digests when they were available
podman run could hang due to a race with reading and writing events
podman pull would attempt to fetch from remote registries when pulling an unqualified image using the docker-daemon transport (#4434)
podman cp would not work if STDIN was a pipe
podman exec could stop accepting input if anything was typed between the command being run and the exec session starting (#4397)
podman logs --tail 0 would print all lines of a container's logs, instead of no lines (#4396)
slirp4netns was incorrectly set, resulting in an extremely long timeout (#4344)
podman stats command would print CPU utilization figures incorrectly (#4409)
podman inspect --size command would not print the size of the container's read/write layer if the size was 0 (#4744)
podman kill command was not properly validating signals before use (#4746)
--quiet and --format flags to podman ps could not be used at the same time
podman stop command was not stopping exec sessions when a container was created without a PID namespace (--pid=host)
podman pod rm --force command was not removing anonymous volumes for containers that were removed
podman checkpoint command would not export all changes to the root filesystem of the container if performed more than once on the same container (#4606)
--rm would not be automatically removed on being stopped if an exec session was running inside the container (#4666)
kata-runtime, kata-qemu,
and kata-fc) are now present in the default libpod.conf, but will not be available unless Kata containers is installed on the system
crun runtime can create containers with significantly less memory
libpod.conf configuration file has seen major changes. Most significantly, rootless users will no longer automatically receive a complete configuration file when they first use Podman, and will instead only receive differences from the global configuration.
-v flag to the podman create and podman run commands
uid and gid options in --opt o=... to set UID and GID of the created volume
podman start command would print container ID, instead of name, when starting containers given their name
podman play kube
podman exec would have the wrong SELinux label in some circumstances (#4361)
slirp4netns would be lost
podman run --network=$NAME would not throw an error in rootless Podman, where CNI networks are not supported
podman network create would throw confusing errors when trying to create a volume with a name that already exists
systemd CGroup manager was specified, but systemd could not be contacted over DBus
noexec (#4318)
podman stats command required the name of a container to be given, instead of showing all containers when no container was specified (#4274)
podman volume inspect command would not show the options that named volumes were created with
storage.conf at time of first creation for rootless Podman (#2659)
conmon that is in use to ensure it is sufficient
--runtime flag to podman system migrate to allow the OCI runtime for all containers to be reset, to ease transition to the crun runtime on CGroups V2 systems until runc gains full support
podman rm command can now remove containers in broken states which previously could not be removed
podman info command, when run without root, now shows information on UID and GID mappings in the rootless user namespace
podman build --squash-all flag, which squashes all layers (including those of the base image) into one layer
--systemd flag to
podman run and podman create now accepts a string argument and allows a new value, always, which forces systemd support without checking if the container entrypoint is systemd
podman top command did not work on systems using CGroups V2 (#4192)
podman start --attach --sig-proxy=false would still proxy signals into the container
auth.json), breaking podman login integration with skopeo and other tools using the containers/image library
podman ps --format=json and podman images --format=json would display null when no results were returned, instead of valid JSON
podman build --squash was incorrectly squashing all layers into one, instead of only new layers
podman stats was broken on systems running CGroups V2 when run rootless (#4268)
podman start command would print the short container ID, instead of the full ID
podman ps and could not be removed via podman rm
podman container restore --import would retain the CGroup path of the original container, even if their container ID changed; thus, multiple containers created from the same checkpoint would all share the same CGroup
--pids-limit 0 to podman create and podman run
podman start --attach command now automatically attaches STDIN if the container was created with -i
podman network create command now validates network names using the same regular expression as container and pod names
--systemd flag to podman run and podman create will now only enable systemd mode when the binary being run inside the container is /sbin/init, /usr/sbin/init, or ends in systemd (previously detected any path ending in init or systemd)
cgroupfs CGroups manager
slirp4netns networking would fail to start containers due to mount leaks
podman network create, podman network rm, podman network inspect, and podman network ls commands have been added to manage CNI networks used by Podman
podman volume create command can now create and mount volumes with options, allowing volumes backed by NFS, tmpfs, and many other filesystems
--cgroups=disabled flag with podman
create and podman run. This is presently only supported with the crun OCI runtime
podman volume rm and podman volume inspect commands can now refer to volumes by an unambiguous partial name, in addition to full name (e.g. podman volume rm myvol to remove a volume named myvolume) (#3891)
podman run and podman create commands now support the --pull flag to allow forced re-pulling of images (#3734)
--volume, --mount, and --tmpfs now allows the suid, dev, and exec mount options (the inverse of nosuid, nodev, noexec) (#3819)
--mount now allows the relabel=Z and relabel=z options to relabel mounts.
podman push command now supports the --digestfile option to save a file containing the pushed digest
podman pod create --hostname or providing Pod YAML with a hostname set to podman play kube (#3732)
podman image sign command now supports the --cert-dir flag
podman run and podman create commands now support the --security-opt label=filetype:$LABEL flag to set the SELinux label for container files
podman pull would panic if a Varlink connection was not available (#4013)
podman exec would not properly set terminal size when creating a new exec session (#3903)
podman exec would not clean up socket symlinks on the host (#3962)
podman prune -a would attempt to prune images used by Buildah and CRI-O, causing errors (#3983)
~/.config directory could cause rootless Podman to use an incorrect directory for storing some files
podman import threw errors
podman volume create would not copy the contents of their mountpoint the first time they were mounted into a container (#3945)
podman exec when the container was not run inside a CGroup owned by the user (#3937)
podman play kube would panic when given Pod YAML without a securityContext (#3956)
storage.conf configuration items were set to the empty string (#3952)
podman build did not correctly inherit Podman's CGroup configuration, causing crashes on CGroups V2 systems (#3938)
podman cp would improperly copy files on the host when copying a symlink in the
container that included a glob operator (#3829)
podman run --rm would exit before the container was completely removed, allowing race conditions when removing container resources (#3870)
/etc/subuid and /etc/subgid after a container was launched
--device flag (#3905)
commit Varlink API would segfault if provided incorrect arguments (#3897)
podman remote cp crashed instead of reporting it was not yet supported (#3861)
podman exec would run as the wrong user when execing into a container that was started from an image with Dockerfile USER (or a user specified via podman run --user) (#3838)
oci: transport would be improperly named
podman varlink would hang when managed by systemd due to SD_NOTIFY support conflicting with Varlink (#3572)
podman exec --preserve-fds caused Podman to hang (#4020)
$HOME environment variable when the OCI runtime did not set it
tmpfs filesystems added by the --read-only-tmpfs flag to podman create and podman run
podman cp would incorrectly make the target directory when copying to a symlink which pointed to a nonexistent directory (#3894)
STDIN when the -i flag was not set (#4095)
podman play kube would create an empty pod when given an unsupported YAML type (#4093)
podman import --change improperly parsed CMD (#4000)
podman system renumber after upgrading.
podman play kube
podman pause or podman stats on a rootless container on a system without CGroups V2 enabled
TMPDIR has been set to /var/tmp by default to better handle large temporary files
podman wait has been optimized to detect stopped containers more rapidly
ContainerManager annotation indicating they were created by libpod
podman info command now includes information about slirp4netns and fuse-overlayfs if they are available
podman volume inspect has been more closely matched to docker volume inspect
podman run and podman create did not honor the --authfile option (#3730)
podman container restore --import would incorrectly duplicate the Conmon PID file of the original container
podman build ignored the default
OCI runtime configured in libpod.conf
podman run --rm (or force-removing any running container with podman rm --force) were not retrieving the correct exit code (#3795)
podman inspect and podman commit would not use the correct CMD for containers run with podman play kube
podman events command with the --since or --until options could take a very long time to complete
--userns=container:$ID, or a user namespace at an arbitrary path with --userns=ns:$PATH
newuidmap and newgidmap executables) by passing --storage-opt ignore_chown_errors
podman generate kube command now produces YAML for any bind mounts the container has created (#2303)
podman container restore command now features a new flag, --ignore-static-ip, that can be used with --import to import a single container with a static IP multiple times on the same host
podman events to output JSON by specifying --format=json
conmon binary cannot be found at the paths specified in libpod.conf, Podman will now also search for them in the calling user's path
podman import with URLs (#3609)
podman ps command now supports filtering names using regular expressions (#3394)
--privileged set will now mount in all host devices that the user can access
podman create and podman run commands now support the --env-host flag to forward all environment variables from the host into the container
HostConfig portion of the output of podman inspect on containers has been improved and synced with Docker
--cgroupns=private to podman run or podman create
podman create and podman run commands now support the --ulimit=host flag, which uses any ulimits currently set on the host for the container
podman rm and podman rmi commands now use different exit codes to indicate 'no such container' and 'container is running' errors
crun OCI runtime has been greatly improved, allowing resource limits to be set for rootless containers when the CGroups V2 hierarchy is in use
podman restart to fail to start containers with ports
podman search would return at most 25 results,
even when the maximum number of results was set higher
podman play kube would not honor capabilities set in imported YAML (#3689)
podman run --env, when passed a single key (to use the value from the host), would set the environment variable in the container even if it was not set on the host (#3648)
podman commit --changes would not properly set environment variables
podman volume rm could remove arbitrary volumes if given an ambiguous name (#3635)
podman exec invocations leaked memory by not cleaning up files in tmpfs
--dns and --net=container flags to podman run and podman create were not mutually exclusive (#3553)
cgroupfs CGroup driver
HEALTHCHECK CMD format were not properly supported (#3507)
podman run did not use authorization credentials when a custom path was specified (#3524)
podman container checkpoint did not properly set their finished time
podman inspect on any container not created with podman run or podman create (for example, pod infra containers) would result in a segfault (#3500)
podman create and podman run were incorrectly named (#3455)
more was not correctly specified
--mount flag to podman create and podman run did not allow boolean arguments for its ro and rw options (#2980)
ENTRYPOINT to CMD during podman commit (and when reporting CMD in podman inspect) (#3708)
podman events with the journald events backend would incorrectly print 6 previous events when only new events were requested (#3616)
podman port would exit prematurely when a port number was specified (#3747).
as an argument to the --dns-search flag to podman create and podman run was not properly clearing DNS search domains in the container
podman info command now displays the events logger being in use
podman inspect command on containers now includes the ID of the pod a container has joined and the PID of the container's conmon process
-v short flag for podman --version has been re-added
podman pull should be significantly clearer
podman exec command is now available in the remote client
sudo -E would not work after running rootless Podman at least once
tmpfs volumes added with the --tmpfs flag were being ignored
--runtime and will always use that runtime
cached and delegated options for volume mounts are now allowed for Docker compatibility (#3340)
podman diff command now supports the --latest flag
podman cp on a single file would create a directory at the target and place the file in it (#3384)
podman inspect --format '{{.Mounts}}' would print a hexadecimal address instead of a container's mounts
/etc/hosts files for their own hostname (#3405)
podman ps --sync would segfault (#3411)
podman generate kube would produce an invalid ports configuration (#3408)
--cgroup-manager flag to podman now shows the correct default setting in help if the default was overridden by libpod.conf
--log-driver=json-file in podman run is now supported as an alias for --log-driver=k8s-file.
This is considered deprecated, and json-file will be moved to a new implementation in the future (#3363)
libpod.conf file now allows the crun OCI runtime to be used if it is installed
RUN instructions
podman kill on containers that are not running has been improved
podman exec command now sets its error code differently based on whether the container does not exist, and the command in the container does not exist
podman inspect command on containers now outputs Mounts JSON that matches that of docker inspect, only including user-specified volumes and differentiating bind mounts and named volumes
podman inspect command now reports the path to a container's OCI spec with the OCIConfigPath key (only included when the container is initialized or running)
podman run --mount command now supports the bind-nonrecursive option for bind mounts (#3314)
podman play kube would fail to create containers due to an unspecified log driver
slirp4netns networking in an environment with no nameservers on the host other than localhost would result in nonfunctional networking (#3277)
podman import would not properly set environment variables, discarding their values and retaining only keys
podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems (#1618)
podman cp command now supports a pause flag to pause containers while copying into them
podman cp command improperly dereferenced symlinks in host context
podman commit could improperly set environment variables that contained = characters (#3132)
podman version on the remote client could segfault (#3145)
podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed
podman generate kube did not work with containers with named volumes
permission denied errors accessing conmon.pid (#3187)
podman cp with a folder specified as target would replace the folder, as opposed to copying into it (#3184)
tmpcopyup on /dev/
mounts, causing errors when using the Kata containers runtime (#3229)
podman exec would fail on older kernels (#2968)
podman inspect command on containers now uses the Id key (instead of ID) for the container's ID, for better compatibility with the output of docker inspect
podman commit command is now usable with the Podman remote client
--signature-policy flag (used with several image-related commands) has been deprecated
podman unshare command now defines two environment variables in the spawned shell: CONTAINERS_RUNROOT and CONTAINERS_GRAPHROOT, pointing to temporary and permanent storage for rootless containers
podman cp command is now aliased as podman container cp
init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration
podman cp command can now read input redirected to STDIN, and output to STDOUT instead of a file, using - instead of an argument.
podman version
podman unshare command has been added, allowing easy entry into the user namespace set up by rootless Podman (allowing the removal of files created by rootless Podman, among other things)
--rm flag were removing created volumes when they were automatically removed (#3071)
cgroupfs CGroup driver would encounter a race condition during removal, potentially failing to remove the pod CGroup
podman container checkpoint and podman container restore commands were not visible in the remote client
podman remote ps --ns would not print the container's namespaces (#2938)
libpod.conf file was causing parsing errors (#3095)
--restart flag on podman create and podman run allows containers to be restarted after they exit.
Please note that Podman cannot restart containers after a system reboot - for that, see our next feature
podman generate systemd command was added to generate systemd unit files for managing Podman containers
podman runlabel command now allows a $GLOBAL_OPTS variable, which will be populated by global options passed to the podman runlabel command, allowing custom storage configurations to be passed into containers run with runlabel (#2399)
podman play kube command now allows File and FileOrCreate volumes
podman pod prune command was added to prune unused pods
podman system migrate command to migrate containers using older configurations to allow their use by newer Libpod versions (#2935)
--http-proxy flag (enabled by default)
/tmp, /var/tmp, and /run with the --read-only-tmpfs flag (enabled by default)
podman init command was added, performing all container pre-start tasks without starting the container to allow pre-run debugging
podman cp would not copy folders (#2836)
podman rmi sometimes did not produce an event when images were deleted
podman images would not print a header if no images were present (#2877)
podman images command with --filter dangling=false would incorrectly print dangling images instead of images which are not dangling (#2884)
/sys/kernel
podman create would panic when trying to create a container whose name already existed
podman pull would exit 0 on failing to pull an image (#2785)
podman pull would not properly print the cause of errors that occurred (#2710)
ctrl-z in a shell (#2775)
/sys/ were cleaned up already by the closing of the mount namespace
podman play kube was not including environment variables from the image run (#2930)
podman play kube would not properly clean up partially-created pods when encountering an error
podman commit with the --change flag improperly set CMD when a multipart value was provided (#2951)
--mount flag to podman create and podman run did not properly validate its arguments, causing Podman to panic
--mount, --volume, and --tmpfs
flags were not properly reported--mount flag could not be used with named volumes--mount flag did not properly set options for created tmpfs filesystemspodman logout would not print an error when the login was established by docker login (#2735)podman stop would error when not all containers were running (#2993)podman pull would fail to pull images by shortname if they were not present in the docker.io registrypodman login would error when credentials were not present if a credential helper was configured (#1675)podman system renumber command and Podman post-reboot state refreshes would not create eventspodman top command was not compatible with docker top syntaxregistries.conf config filepodman run, podman create, podman start, podman restart, podman attach, podman stop, podman port, podman rm, podman top, podman image tree, podman generate kube, podman umount, podman container checkpoint, and podman container restore commands are now available in the remote clientpodman volume command was performed. There should be no major user-facing changes, but downgrading from Podman 1.3 to previous versions may render some volumes unable to be removed.podman events command now logs events to journald by default. The old behavior (log to file) can be configured in podman.conf via the events_logger optionpodman commit command, in versions 1.2 and earlier, included all volumes mounted into the container as image volumes in the committed image. 
This behavior was incorrect and has been disabled by default; it can be re-enabled with the --include-volumes flagpodman healthcheck run command was added to manually run healthchecks, and the status of a running healthcheck can be viewed via podman inspectpodman events command was added to show a stream of significant eventspodman ps command now supports a --watch flag that will refresh its output on a given intervalpodman image tree command was added to show a tree representation of an image's layerspodman logs command can now display logs for multiple containers at the same time (#2219)podman exec command can now pass file descriptors to the process being executed in the container via the --preserve-fds option (#2372)podman images command can now filter images by reference (#2266)podman system df command was added to show disk usage by Podman--add-host option can now be used by containers sharing a network namespace (#2504)podman cp command now has an --extract option to extract the contents of a Tar archive and copy them into the container, instead of copying the archive itself (#2520)slirp4netns binary for rootless networking via the --network-cmd-path flag (#2506)/etc/subuid and /etc/subgid (#1651)podman runlabel command now supports the --replace option to replace containers using the name requestedCMD and ENTRYPOINT instead of a fixed command (#2182)podman play kube command now supports the HostPath and VolumeMounts YAML fields (#2536)resolv.conf or /etc/hosts in containers by specifying --dns=none and --no-hosts, respectively, to podman run and podman create (#2744)podman version command now supports the {{ json . 
}} template (which outputs JSON)podman run --device (#2380)--config flag specified would not use appropriate defaults (#2510)--net=host) would show SELinux as enabled in the container when there were no privileges to use itSTDIN could cause Podman to run out of memorypodman play kube would sometimes segfault (#2209)podman runlabel did not respect the $PWD variable (#2171)podman build could not access DNS servers when slirp4netns was in use (#2572)podman stop and podman rm would not work on containers which specified a non-root user (#2577)podman exec would fail when --user was specified (#2566)podman pod create would fail if a pod shared no namespaces but created an infra containerpodman rm would exit 0 if no containers specified were found (#2539)podman run would fail to enable networking for containers with additional CNI networks specified (#2795)podman images command on the remote client was not displaying digests (#2756)podman image save would, when told to save to a path that exists, return an error, but still delete the file at the given path--env would cause parsing errors (#2712)podman umount would not error if called with no argumentspodman create kube was being ignored (#2665)podman pod inspect command would segfault if not given an argument (#2681)podman pod top would fail (#2682)podman load command would not error if an input file is not specified and a file was not redirected to STDINpodman could fail if global configuration was altered via flag (for example, --root, --runroot, --storage-driver)podman ps, as opposed to together as a range (#1358)podman run --rootfs could panic (#2654)podman build would fail if options were specified after the directory to build (#2636)podman create and podman run would have incorrect permissions (#2634)podman image inspect command incorrectly allowed the --latest, --type, and --size optionspsgo library to v1.2, featuring greatly improved safety during concurrent usepodman events command may not show all activity 
regarding images, as only Podman was instrumented; images created, deleted, or pulled by CRI-O or Buildah will not be shown in podman eventspodman pod top and podman pod stats commands are now usable with the Podman remote clientpodman kill and podman wait commands are now usable with the Podman remote clientrestarting state and mapped stopped (also unused) to exited in podman ps --filter status. (period) characterpodman image list, podman image rm, and podman container list had broken global storage options--label option to podman create and podman run was missing the -l alias--config flag would not set an appropriate default value for tmp_dir (#2408)podman logs command with the --timestamps flag produced unreadable output (#2500)podman cp command would automatically extract .tar files copied into the container (#2509)podman container stop command is now usable with the Podman remote clientpodman container restore was erroneously available as podman restore (#2191)volume_path option in libpod.conf was not being respectedvarlink tag was not present (#2459)podman image load command was listed twice in help textpodman image sign command was also listed as podman signpodman image list command incorrectly had an image aliaspodman images command incorrectly had ls and list aliasespodman image rm command was being displayed as podman image rmipodman create command would attempt to parse arguments meant for the container--time alias for --timeout for the podman restart and podman stop commands did not functionpodman stop)podman port was incorrect, printing full container ID instead of truncated IDpodman container list command did not existpodman build could not build a container from images tagged locally that did not exist in a registry (#2469)podman play kube could not handle cases where a pod and a container shared a namenewuidmap and newgidmap binaries fail when using rootless Podman-s alias for the global --storage-driver option has been removedpodman container 
refresh command has been deprecated, as its intended use case is no longer relevant. The command has been hidden and manpages deleted. It will be removed in a future releasepodman container runlabel command will now pull images not available locally even without the --pull option. The --pull option has been deprecatedpodman container checkpoint and podman container restore commands are now only available on OCI runtimes where they are supported (e.g. runc)--latest and --all flags to podman mount and podman umount-p and -P flags as root Podman)libpod.conf if they are not explicitly set in the user's own libpod.conf (#2174)-f for the --format flag of the podman info and podman version commands-s for the --size flag of the podman inspect commandpodman system info and podman system prune commandspodman cp command to copy files between containers and the host (#613)--password-stdin flag to podman login--all-tags flag to podman pull--rm and --detach flags can now be used together with podman runpodman start and podman run commands for containers in pods will now start dependency containers if they are stoppedpodman system renumber command to handle lock changes--net=host and --dns flags for podman run and podman create no longer conflictip netns add when they are passed in via podman run --net=ns:podman inspect where different information would be returned when the container was running versus when it was stoppedpodman inspect were silently ignored instead of reported to the user (#2159)--pid=host containers was incorrectly masking paths in /procPodman were not reported when a refresh was requestedpodman prune would prune all images not in use by a container, as opposed to only untagged images, by default (#2192)podman create --quiet and podman run --quiet were not properly suppressing outputtable keyword in Go template output of podman ps was not working (#2221)podman inspect on images pulled by digest would double-print @sha256 in output when printing digests 
(#2086)podman container runlabel will return a non-0 exit code if the label does not exist/dev/pts was unconditionally overridden in rootless Podman, which was unnecessary except in very specific cases/etc/containers/storage.conf (#2217)podman images --filter dangling=true would crash if no dangling images were present (#2246)podman ps --format "{{.Mounts}}" would not display a container's mounts (#2238)podman pod stats was ignoring Go templates specified by --format (#2258)podman generate kube would fail on containers with --user specified (#2304)podman images displayed incorrect output for images pulled by digest (#2175)podman port and podman ps did not properly display ports if the container joined a network namespace from a pod or another container (#846)podman create --rm did not work with podman start --attachpodman create and podman run could cause segfaults (#2301)runtime field in libpod.conf was being ignored. runtime is legacy and deprecated, but will continue to be respected for the foreseeable futurepodman login would sometimes report it logged in successfully when it did notpodman pod create would not error on receiving unused CLI argumentpodman run with the --pod argument would fail if the pod was stoppedpodman images did not print a trailing newline when not invoked on a TTY (#2388)--runtime option was sometimes not overriding libpod.confpodman pull and podman runlabel would sometimes exit with 0 when they should have exited with an error (#2405)podman export -o would fail (#2381)nosuid, nodev, or noexec (#2312)--net=container:), you should run the podman system renumber command to migrate your containers to the new model - please reference the podman-system-renumber(1) man page for further details:z and :Z options, preventing users from accidentally performing an SELinux relabel of their entire home directorypodman container runlabel command will not pull an image if it does not contain the requested labelpodman rm can now delete containers in 
containers/storage, which can be used to resolve some situations where Podman fails to remove a containerpodman search command now searches multiple registries in parallel for improved performancepodman build command now defaults --pull-always to truepodman rm and podman rmi commands now return 1 (instead of 127) when all specified container or images are missingpodman exec command now includes a --workdir option to set working directory for the executed commandpodman create and podman run commands now support the --init flag to use a minimal init process in the containerpodman image sign command to GPG sign imagespodman run --device flag now accepts directories, and will added any device nodes in the directory to the containerpodman play kube command to create pods and containers from Kubernetes pod YAMLpodman create or podman run volumes with an empty host or container path could cause a segfaultstorage.conf was sometimes ignored for rootless containerspodman login would use existing login credentials even if new credentials were providedpodman runlabel was not properly setting container names when the --name was specifiedpodman runlabel sometimes included extra spaces in command outputpodman commit was including invalid port numbers in created images when committing containers with published portspodman exec was not honoring the container's environment variablespodman run --device would fail when a symlink to a device was specifiedpodman build was not properly picking up OCI runtime paths specified in libpod.conf/dev/shm into the container read-only for read-only containers (/dev/shm should always be read-write)/dev/shmpodman export did not work with the default fuse-overlayfs storage driverpodman inspect -f '{{ json .Config }}' on images would not output anything (it now prints the image's config)podman rmi -fa displayed the wrong error message when trying to remove images used by pod infra containerspodman build, featuring improved build speed and numerous 
bugfixespodman start --attach command now defaults the sig-proxy option to true, matching podman create and podman runpodman info command now prints the path of the configuration file controlling container storagepodman list and podman ls as aliases for podman ps, and podman container ps and podman container list as aliases for podman container lspodman generate kube to generate Kubernetes service YAML in the same file as pod YAML, generating a single file instead of twopodman inspect -f '{{ json .ContainerConfig }}' on images is no longer valid; please use podman inspect -f '{{ json .Config }}' instead--rm which failed to start were not removed/etc/passwd inside containerspodman generate kube command to generate Kubernetes Pod and Service YAML for Podman containers and podspodman pod stop flag now accepts a --timeout flag to set the timeout for stopping containers in the pod~/.config/containers/ for ease of reconfigurationpodman pod create command can expose ports in the pod's network namespace, allowing public services to be created in podspodman container checkpoint command can now keep containers running after they are checkpointed with the --leave-running flagpodman container checkpoint and podman container restore commands now support the --tcp-established flag to checkpoint and restore containers with active TCP connectionspodman version command now has a --format flag to produce machine-readable outputpodman container exists, podman pod exists, and podman image exists commands to easily check for a container/pod/image, respectively, by name or IDpodman ps --pod flag now has a short alias, -ppodman rmi and podman rm commands now have a --prune flag to prune unused images and containers, respectivelypodman ps command now has a --sync flag to force a sync of Podman's state against the OCI runtime, resolving some state desync errorspodman volume set of commands for creating and managing local-only named volumespodman exec without -t would still use a terminal 
if the container was created with -tpodman exec could hold the container lock longer than necessary waiting for an exited containerslirp4netns for networking were reporting using bridge networking in podman inspectpodman container restore -a was attempting to restore all containers, including created and running ones. It will now only attempt to restore stopped and exited containersnodevpodman stop would throw an error attempting to stop a container that had already stoppedNOTIFY_SOCKET was not properly being passed into Podman containers/dev/shm was not properly mounted in rootless containersinotify related errors/etc/group--net=container were not mounting /etc/resolv.conf and /etc/hostspodman build now defaults the --force-rm flag to truepodman runlabel support for labels featuring arguments with whitespaceresolv.confslirp4netns network mode can now be used with containers running as root. It may be useful for container-in-container scenarios where the outer container does not have host networking setinotify to wait for container exit files to be created, instead of polling. If inotify cannot be used, Podman will fall back to polling to check if the file has been createdpodman logs command now uses improved short-options handling, allowing its flags to be combined if desired (for example, podman logs -lf instead of podman logs -l -f)libpod.conf configuration file. They can be specified as an array via hooks_dirpodman exec could time out on slower systems by increasing the relevant timeoutpodman rm -f now removes paused containers. As such, podman rm -af completing successfully guarantees all Podman containers have been removedpodman info to show if Podman is being run as rootlesspodman images - image sizes now feature a space between number and unit (e.g. 
123 MB now instead of 123MB)containers/storage to fix several bugs reported upstream--all and --latest flags to podman checkpoint and podman restore--max-workers flag to all Podman commands that support operating in parallel, allowing the maximum number of parallel workers used to be specified--all flag to podman restartpodman port -l would segfault if no containers were presentpodman stats -a would error if containers were present but not runningcriu is being used-e FOO) caused errors (they are now added as empty)--cid-file was specified to podman runpodman unmount would refuse to unmount a container if it was running (the unmount will now be deferred until the container stops)podman attach would fail to attach due to a too-long path namepodman info was not properly reporting the Git commit Podman was built frompodman run --interactive was not holding STDIN open when -a flag was specifiedcgroupfs CGroup driver was sometimes not successfully removing pod CGroupspodman run with the --user flag would fail if the container image did not contain /etc/passwd or /etc/grouppodman rm, podman restart, podman kill, podman pause, and podman unpause now operate in parallel, greatly improving speed when multiple containers are specifiedpodman create, podman run, and podman ps have a number of improvements which should greatly increase their speedpodman runlabel to run commands that are not Podman/etc/hostsSeveral paths related to rootless Podman had their default values changed in this release. If paths were not hardcoded in libpod.conf, your system may lose track of running containers and believe they are newly-created.

- podman build would not work while any containers were running
- push, pull, login, logout, runlabel, and search commands
- podman build
- podman container checkpoint and podman container restore commands to checkpoint and restore containers
- podman container runlabel command to run containers based on commands contained in their images
- podman create --ip and podman run --ip flags to allow setting static IPs for containers
- podman kill --all flag to send a signal to all running containers
- --syslog flag is specified
- podman create and podman run to document existing --net flag as an alias for --network
- resolv.conf in container would unconditionally forward nameservers into the container, even localhost
- --security-opt label=disable to assign the correct label
- podman stop to work in parallel when multiple containers are specified, greatly speeding up stop for containers that do not stop after SIGINT
- podman build
- podman info to better debug issues
- libpod.conf, label, to globally enable/disable SELinux labelling for libpod
- --mount flag to podman create and podman run as a new, more explicit way of specifying volume mounts
- /proc in containers
- /etc/hosts) in read-only containers
- /dev/shm in --ipc=container and --ipc=host containers to use the correct SHM
- podman diff to not display some default changes that will not be committed
- podman build
- --interval flag to podman wait to determine the interval between checks for container status
- libpod.conf to disable reserving ports for running containers. This lowers the safety of port allocations, but can significantly reduce memory usage.
- podman search
- podman create with no command specified throwing an error
- podman rm --volumes flag for compatibility with Docker. As Podman does not presently support named volumes, this does nothing for now, but provides improved compatibility with the Docker command line.
- podman pull

It is recommended that you restart your system firewall after installing this release to clear any firewall rules created by older Podman versions. If port forwarding to containers does not work, it is recommended that you restart your system.

- podman pod command as non-root
- podman rmi --all to not error if no images are present on the system
- podman logs to properly handle CRI logging, fixing some issues with blank lines in logs
- podman run -v /dev/:/dev)
- --log-level=debug is specified
- podman build now defaults to caching intermediate layers while building
- podman run --entrypoint
- podman exec
- podman with a symlinked storage directory crashing
- podman ps and multiple filters where the interface did not match Docker
- resolv.conf on the host to handle symlinks
- podman run -h to specify the container's hostname (as it does in Docker) instead of printing help text
- podman wait was busywaiting and consuming large amounts of CPU
- podman pod top command
- podman inspect
- podman run and podman create
- podman pod stats to accept partial pod IDs and pod names
- ALWAYS matches
- --net=host set
- podman exec --user would not work with usernames, only numeric IDs

We switched JSON encoding/decoding to a new library for this release to address a compatibility issue introduced by v0.8.2. However, this may cause issues with containers created in 0.8.2 and 0.8.3 with custom DNS servers.