What Are Containers?

Containers are essentially little virtual machines, but just for applications. They use a lot of the same concepts and carry many of the same security and ease-of-use features, but they’re much smaller and allow for easy imaging and distribution of an application. Unlike a virtual machine, a container shares the host’s kernel, so its isolation comes from kernel features such as namespaces rather than from a hypervisor. This is a lot of what Flatpaks and Snaps are based on. You can start to see the parallels: one program, multiple applications that run in isolated environments.

What Is Podman?

Many of us have heard of Docker, the OG of container engines. Podman is a similar container engine that uses a very similar structure to Docker, with a couple of key differences.

One is that Podman is daemonless, whereas Docker relies on a daemon. This means Podman containers can work without root-level permissions, allowing for more security and flexibility. A container running at a user level means users can only see their containers and nobody else’s. Podman is lighter on system resources due to the simpler architecture, which makes for a more enjoyable experience.

The daemonless architecture leads to something called rootless containers. It’s a concept that builds on the previous difference but focuses on security. If an attacker compromises your container and manages to escape for whatever reason, they only have basic user permissions on the host rather than root permissions. This requires some additional setup to get going, and there are some shortcomings at the moment, but it’s something that’s worth a look.
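Why an escape from a rootless container lands on an unprivileged account, as an added example that is not part of the original article: the kernel's uid_map for the container's user namespace translates container UIDs to host UIDs. The map contents, the host UID 1000, and the function names host_uid and is_rootless_map are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: translate a UID inside a container to the host UID using the
# kernel's uid_map format: <inside-start> <outside-start> <length> per line.

# Constructed sample of /proc/<pid>/uid_map for a rootless container started
# by host user 1000 with subordinate UIDs 100000-165535 (assumed values).
SAMPLE_UID_MAP='         0       1000          1
         1     100000      65536'

# host_uid <container-uid> [map-text]
# Prints the host UID the container UID maps to.
# Returns 1 if the UID is unmapped, 2 if the argument is not a number.
host_uid() {
    local want map inside outside len
    want=$1
    map=${2:-$SAMPLE_UID_MAP}
    case $want in ''|*[!0-9]*) return 2 ;; esac
    while read -r inside outside len; do
        [ -n "$len" ] || continue            # skip blank or short lines
        if [ "$want" -ge "$inside" ] && [ "$want" -lt $((inside + len)) ]; then
            echo $((outside + want - inside))
            return 0
        fi
    done <<EOF
$map
EOF
    return 1
}

# is_rootless_map [map-text]
# Succeeds when container root (UID 0) maps to a non-root host UID.
is_rootless_map() {
    local h
    h=$(host_uid 0 "${1:-$SAMPLE_UID_MAP}") || return 1
    [ "$h" -ne 0 ]
}

# Demo on the constructed sample: root in the container is host UID 1000,
# and every other container user lands in the unprivileged subordinate range.
echo "container uid 0  -> host uid $(host_uid 0)"
echo "container uid 33 -> host uid $(host_uid 33)"
```

To check a real rootless setup, pass the live map as the second argument, for example `host_uid 0 "$(podman unshare cat /proc/self/uid_map)"`.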

Installing Podman

For most distros, Podman is in the main repositories, making it a simple installation command:

Using Podman

The command syntax to start a Podman container can be a little confusing, but once you start to get the hang of it, you’ll start to recognize the patterns. There’s a sample container from the project that you can run by entering this command into the terminal:

That will pull some images from the registry that’s listed, and once it’s done, you’ll get a long number. You’ll end up seeing that later when you check on running containers. To check running Podman containers, enter the following command:

You’ll see the container that you started earlier. This confirms that it’s running. However, if you want to specifically look at the webpage that Apache is running, you’ll run the following command:

Replace 0.0.0.0 with whatever IP address is shown when you ran the podman ps command. You should get a bunch of garbled HTML, but if you look right at the top, you’ll notice the syntax for a title in HTML and will know it’s working.

Podman Images

Something that’s nice about Podman is using images. You can search for other images like httpd or other programs that you’re interested in running. I searched for vncserver, and this is what I got.

You can see that there are many options, and it’ll just come down to your personal preference. To grab one of those images, run the podman pull command. It’s recommended that you pull using the full URL of the container registry to be completely accurate. As an example, the command I’m running is:

rather than just running podman pull vncserver, because there may be images I don’t want that’ll be chosen instead of this one that I do want.

You can also check on your images with this command:

And stop containers with this command:

The -l flag means it’ll stop the latest run container, but you can also use the -a flag to stop all containers.

You may have noticed that Podman can also look at docker.io for container images. That’s because the Podman commands and the Docker commands are essentially the same, so much so that it’s sometimes recommended to alias the docker command to podman like this:

This means any time you enter docker, your machine will run the podman command anyway.

Rootless Podman

To set your system up for rootless containers, there’s quite a bit of setup to go through, but there’s great documentation on the project’s GitHub page.

I hope you enjoyed this primer on Podman, a great little tool that will allow you to run daemonless, rootless containers to keep your system lean, tidy, and secure.