July 2025 - Podman - Podman List Archives

by lejeczek

Hi guys. Do you use # in your envs? I wonder if it's just me having issues with those. For a test, to reproduce the issue, 'ghost' web solution would be easy & quick: -> $ podman run -dt ...................... --env database__client=mysql --env database__connection__host=11.1.0.1 --env database__connection__user=ghostadm --env database__connection__password='xyz#admghost' --env database__connection__database=ghost_xyz --env url=https://ghost.xyz So far all I've tried with 'database__connection__password' failed, quoting &| escaping. I often use # - does anybody have a way to make it work? many thanks, L.

1 day, 7 hours

3
3
0 / 0

Docker Compose is configured to build using Bake, but buildx isn't installed

by Mehdi Haghgoo

Hello, When I run docker-compose up on macOS, I see this warning. It's new to me. Maybe, this has been added after a recent compose update. > WARN[0000] Docker Compose is configured to build using Bake, but buildx isn't installed [+] Building 0.0s (0/0) Given that I have Podman Desktop installed and I use it for container workloads, can someone explain what this means and if I need to do something about it?

1 week, 3 days

1
0
0 / 0

Podman Community Meeting, Tues Aug 5, 2025 @ 11:00 am EDT (UTC-4)

by Tom Sweeney

Hey all! We've an exciting Podman Community Meeting coming up in one week and a few minutes from now on Tues, Aug 5, 11:00 am EDT (UTC-4). We'll be talking Orches, MCP, and Reproducible Container Builds. Agenda with meeting info: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w?both t

1 week, 5 days

1
0
0 / 0

non-root users - how to "sqash" all container's uids to owner's uid?

by lejeczek

Hi guys. How can - if possible at all - all uids, or uids which container whats to use/map, be "squashed" into container ower's uid? many thanks, L.

2 weeks, 1 day

1
0
0 / 0

Podman candidate v5.6.0-rc1 Released

by container.tools.ci＠gmail.com

Hi all, Podman candidate v5.6.0-rc1 is now available. You may view the full details at https://github.com/containers/podman/releases/tag/v5.6.0-rc1 Release candidate Notes: -------------- ### Features - A new set of commands for managing Quadlets has been added as `podman quadlet install` (install a new Quadlet for the current user), `podman quadlet list` (list installed Quadlets), `podman quadlet print` (print the contents of a Quadlet file), and `podman quadlet rm` (remove a Quadlet). These commands are presently not available with the remote Podman client - we expect support for this to arrive in a future release. - Quadlet `.container` units can now specify environment variables without values in the `Environment=` key, retrieving the value from the host when the container is started ([#26247](https://github.com/containers/podman/issues/26247)). - Quadlet `.pod` units now support two new keys, `Label=` (to set labels on the created pod) and `ExitPolicy=` (to set exit policy for the created pod) ([#25961](https://github.com/containers/podman/issues/25961) and [#25596](https://github.com/containers/podman/issues/25596)). - Quadlet `.image` units now support a new key, `Policy=`, to set pull policy for the image (e.g. pull always, pull only if newer version available) ([#26446](https://github.com/containers/podman/issues/26446)). - Quadlet `.network` units now support a new key, `InterfaceName=`, to specify the name of the network interface created. - The `podman machine init` command now supports a new option, `--swap`, enabling swap in the created virtual machine and setting it to a given size (in megabytes) ([#15980](https://github.com/containers/podman/issues/15980)). - The `--mount` option to `podman create` and `podman run` now supports `dest=` as a valid alias for `destination=`. - The `podman kube play` command can now restrict container execution to specific CPU cores and specific memory nodes using the `io.podman.annotations.cpuset/$ctrname` and `io.podman.annotations.memory-nodes/$ctrname` annotations ([#26172](https://github.com/containers/podman/issues/26172)). - The `podman kube play` command now supports the `lifecycle.stopSignal` field in Pod YAML, allowing the signal used to stop containers to be specified ([#25389](https://github.com/containers/podman/issues/25389)). - The `podman volume import` and `podman volume export` commands are now available in the remote Podman client ([#26049](https://github.com/containers/podman/issues/26409)). - The `--build-context` option to `podman build` is now supported by the remote Podman client ([#23433](https://github.com/containers/podman/issues/23433)). - The `podman volume create` command now accepts two new options, `--uid` and `--gid`, to set the UID and GID the volume will be created with. - The `podman secret create` command now has a new option, `--ignore`, causing the command to succeed even if a secret with the given name already exists. - The `podman pull` command now has a new option, `--policy`, to configure pull policy. - The `--mount type=artifact` option to `podman create`, `podman run`, and `podman pod create` now allows the filename of the artifact in the container to be set using the `name=` option (e.g. `podman run --mount type=artifact,name=$NAME,...`). - The `--tmpfs` option to `podman create` and `podman run` now allows a new option, `noatime`, to be passed (e.g. `podman run --tmpfs /run:noatime ...`) ([#26102](https://github.com/containers/podman/issues/26102)). - The `podman update` command now has a new option, `--latest`, to update the latest container instead of specifying a specific container ([#26380](https://github.com/containers/podman/issues/26380)). - A new command, `podman buildx inspect`, has been added to improve Docker compatibility ([#13014](https://github.com/containers/podman/issues/13014)). ### Changes - For users running `podman machine` VMs using the `libkrun` provider on an M3 or newer host running macOS 15+, nested virtualization is enabled by default. - When creating `podman machine` VMs on Windows using the WSL v2 provider, images are now pulled as artifacts from `quay.io/podman/machine-os`, matching the behavior of other VM providers. - Signal forwarding done by the `--sig-proxy` option to `podman run` and `podman attach` is now more robust to races and no longer forwards the `SIGSTOP` signal. - The `podman system check --quick` command now skips checking layer digests. - Podman on Windows using the WSLv2 provider now prefers the WSL executable in `C:\Program Files\Windows Subsystem for Linux\wsl.exe` over the one in `WindowsApps`, avoiding common “access denied” issues ([#25787](https://github.com/containers/podman/issues/25787)). - The `--mount type=artifact` option to `podman create`, `podman run`, and `podman pod create` now mounts artifacts containing a only a single blob as a file at the given destination path if the path does not exist in the image. - The `podman volume export` command now refuses to export to `STDOUT` if it is a TTY ([#26506](https://github.com/containers/podman/issues/26506)). - When generating Quadlet units with options known to be problematic when used with Podman, such as `User=`, `Group=`, and `DynamicUser=` in the `[Service]` section of a unit, Quadlet will now warn the user of the potential incompatibility ([#26543](https://github.com/containers/podman/issues/26543)). ### Bugfixes - Fixed a bug where the `--security-opt unmask=` option to `podman create` and `podman run` did not allow comma-separated lists of paths to be passed, instead only allowing a single path. - Fixed a bug where stopping a Podman container could unintentionally kill non-Podman processes if the PID of an exec session started inside the container was reused for a new process while the container was running ([#25104](https://github.com/containers/podman/issues/25104)). - Fixed a bug where `podman machine init` could fail if run in a Podman container ([#25950](https://github.com/containers/podman/issues/25950)). - Fixed a bug where `podman machine` VMs would sometimes receive incorrect timezone information. - Fixed a bug where `podman machine` VMs created with a custom username would not have lingering enabled. - Fixed a bug where the `podman machine init` command on Windows when using the WSL 2 provider did not reliably determine if WSL was installed ([#25523](https://github.com/containers/podman/issues/25523)). - Fixed a bug where the name of Quadlet `.pod` units that did not specify the `PodName=` key was set incorrectly ([#26062](https://github.com/containers/podman/issues/26062)). - Fixed a bug where Quadlet `.container` units joining a pod specified in a `.pod` unit would fail as the pod name was set incorrectly when creating the container ([#26105](https://github.com/containers/podman/issues/26105)). - Fixed a bug where Quadlet would not generate `RequiresMountsFor` when mounting a `.volume` unit with `Type=bind` set into a container ([#26125](https://github.com/containers/podman/issues/26125)). - Fixed a bug where Quadlet dropin files were not correctly overwritten by new dropin files with the same name further along the hierarchy if the two dropin files did not share a parent directory ([#26555](https://github.com/containers/podman/issues/26555)). - Fixed a bug where Quadlet would sometimes not print warnings when failing to parse units ([#26542](https://github.com/containers/podman/issues/26542)). - Fixed a bug where Quadlet `.pod` files did not include the last `Environment=` key in the `[Service]` section in the generated systemd service ([#26521](https://github.com/containers/podman/issues/26521)). - Fixed a bug where starting a container with already-running dependencies would fail. - Fixed a bug where OCI hooks in a directory specified with `--hooks-dir` would fail to run when containers were restarted ([#17935](https://github.com/containers/podman/issues/17935)). - Fixed a bug where the `--mount` option to `podman create` and `podman run` required the `type=` option to be specified, instead of defaulting to `volume` when it was not present ([#26101](https://github.com/containers/podman/issues/26101)). - Fixed a bug where the `podman kube play` command would fail on Windows when specifying an absolute path to YAML files ([#26350](https://github.com/containers/podman/issues/26350)). - Fixed a bug where the `--security-opt seccomp=` option to `podman create`, `podman run`, and `podman pod create` could error on Windows when given a path to a Seccomp profile ([#26558](https://github.com/containers/podman/issues/26558)). - Fixed a bug where the `--blkio-weight-device`, `--device-read-bps`, `--device-write-bps`, `--device-read-iops`, and `--device-write-iops` options to `podman create` and `podman run` incorrectly accepted non-block devices. - Fixed a bug where the `podman build` command handled the `--ignorefile` option differently from the `buildah bud` command ([#25746](https://github.com/containers/podman/issues/25746)). - Fixed a bug where the `podman rm -f` command could return an error when trying to remove a running container whose `conmon` process had been killed ([#26640](https://github.com/containers/podman/issues/26640)). - Fixed a bug where the `podman inspect` command did not correctly display log size for containers when `log_size_max` was set in containers.conf. ### API - A full set of API endpoints for interacting with artifacts has been added, including inspecting artifacts (`GET /libpod/artifacts/{name}/json`), listing all artifacts (`GET /libpod/artifacts/json`), pulling an artifact (`POST /libpod/artifacts/pull`), removing an artifact (`DELETE /libpod/artifacts/{name}`), adding an artifact (or appending to an existing artifact) from a tar file in the request body (`POST /libpod/artifacts/add`), pushing an artifact to a registry (`/libpod/artifacts/{name}/push`), and retrieving the contents of an artifact (`GET /libpod/artifacts/{name}/extract`). - The Compat Create endpoint for Containers now accepts a new parameter, `HostConfig.CgroupnsMode`, to specify the cgroup namespace mode of the created container. - The Compat Create endpoint for Containers now respects the `base_hosts_file` option in `containers.conf`. - The Compat Info endpoint now returns a new field, `DefaultAddressPools`. - Fixed a bug where the Compat Delete API for Containers would remove running containers when the `FORCE` parameter was set to true; Docker only removes stopped containers ([#25871](https://github.com/containers/podman/issues/25871)). - Fixed a bug where the Compat List and Compat Inspect endpoints for Containers returned container status using Podman statuses instead of converting to Docker-compatible statuses ([#17728](https://github.com/containers/podman/issues/17728)). - Fixed a bug where healthchecks that exceeded their timeout were not properly terminated; they now receive SIGTERM, then SIGKILL after a delay, if their timeout is exceeded ([#26086](https://github.com/containers/podman/pull/26086)). - Fixed a bug where `application/json` responses would be HTML escaped, mutating some responses (e.g. `<missing>` becoming `\u003cmissing\u003e` in image history responses) ([#17769](https://github.com/containers/podman/issues/17769)). ### Misc - Quadlet now no longer uses container/pod ID files when stopping containers, but instead passes the name of the container/pod directly to `podman stop`/`podman pod stop`. - When building Podman via Makefile, it will now attempt to dynamically link sqlite3 if the library and header are installed locally. This and other optimizations should result in a significant reduction in binary size relative to Podman 5.5.x. Packagers can use the `libsqlite3` build tag to force this behavior when not using the Makefile to build. - Updated Buildah to v1.41.0 - Updated the containers/common library to v0.64.0 - Updated the containers/storage library to v1.59.0 - Updated the containers/image library to v5.36.0

2 weeks, 2 days

1
0
0 / 0

volume & mount on Gluster

by lejeczek

Hi guys. I have a possibly peculiar case of... misbehavior? I can create a container, eg.: podman run -dt --restart=never --publish 18445:3000 $(cat <(echo "$_REDMINE_GLOB")) --volume ${_PATH}/root:/root:z --name ${_NAME} --volume ${_PATH}/share/config/configuration.yml:/usr/src/redmine/config/configuration.yml:z --volume /00-APPOWNIA/${_NAME}/files:/usr/src/redmine/files,bind:z --volume ${_PATH}/themes:/usr/src/redmine/themes:z docker.io/library/redmine && podman container logs -f redmine.hub.mine.priv here: ... /00-APPOWNIA/${_NAME}/files:/usr/src/redmine/files,bind:z /00-APPOWNIA is fuse-mounted Gluster volume Files uploaded in/via Redmine do not go into host's filesystem - unless "regular" filesystem is used, not Gluster. Container itself does not log any (evident) errors - seems that that volume does "really" mounts? Any & all thoughts are much appreciated. thanks, L.

2 weeks, 3 days

1
0
0 / 0

podman behavior on podman machine vs native

by Ed Haynes

I use podman desktop on my mac but do most things from the command line. Consider this simple container file below. If I run from the mac command line "podman run -it test" it successfully launches it on the podman machine (a virtual fedora instance). From within container space if I do "id" I see userid 2000 as expected. If I ssh into the podman machine, and look at the uid of the running container it is also 2000 on the host fedora virtual machine as well. This is different than how it behaves if I run the same "podman run -it test" on a native RHEL9 machine. I can also log into it and see it is uid 2000 from within container but when I look a the native RHEL9 process running the container it has a uid of 526287. Why is the behavior different? Is the remote podman client on the mac launching things differently? Thanks, Ed # Use Red Hat UBI 9 as base image FROM registry.access.redhat.com/ubi9/ubi # Install procps and clean up metadata to reduce image size RUN dnf install -y procps && \ dnf clean all && \ rm -rf /var/cache/dnf # Add user1 with UID 2000 RUN useradd -u 2000 user1 # Switch to user1 (optional if you want the container to run as this user) USER 2000 # Default command (can be changed as needed) CMD ["/bin/bash"]

1 month

1
0
0 / 0

Podman error on new server: "crun: Error mmapping the file"

by Rahaman, Ronald O

Hi all, I'm seeing some crun errors when running Podman 5.2.2 for the first time on a new RHEL 9.5 server. We've been happily using Podman 5.2.2 with no issues on several of our pre-existing RHEL 9.5 servers. As far as I can tell, we're using the same configurations on this new server. Do you think there's a setup step we're missing? I'm running hello world with ``` podman --log-level=debug run hello-world ``` And this is the suspicious part of the output. I can provide more output if you need it. ``` INFO[0000] Failed to add conmon to cgroupfs sandbox cgroup: creating cgroup path conmon: open /sys/fs/cgroup/cgroup.subtree_control: permission denied [conmon:d]: failed to write to /proc/self/oom_score_adj: Permission denied DEBU[0000] Received: -1 DEBU[0000] Cleaning up container 183379555df5fc29565b3d49763a155cbc9b7b21b4c0575f9990f486fc48abe1 DEBU[0000] Tearing down network namespace at /run/user/3288771/netns/netns-91004d3e-3095-8f89-e705-d2e9818f8683 for container 183379555df5fc29565b3d49763a155cbc9b7b21b4c0575f9990f486fc48abe1 DEBU[0000] Unmounted container "183379555df5fc29565b3d49763a155cbc9b7b21b4c0575f9990f486fc48abe1" DEBU[0000] ExitCode msg: "crun: error mmapping the file: no such device: oci runtime error" Error: OCI runtime error: crun: Error mmapping the file: No such device DEBU[0000] Shutting down engines ``` Thanks, Ron -------- Ron Rahaman Research Scientist II, Research Software Engineer Partnership for an Advanced Computing Environment (PACE) Open Source Programming Office (OSPO) Georgia Institute of Technology

1 month

1
0
0 / 0

RunRoot & mistaken IDs

by lejeczek

Hi guys. I experience this: -> $ podman images WARN[0000] RunRoot is pointing to a path (/run/user/1007/containers) which is not writable. Most likely podman will fail. Error: creating events dirs: mkdir /run/user/1007: permission denied -> $ id uid=2001(podmania) gid=2001(podmania) groups=2001(podmania) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 I think it might have something to do with the fact that I changed UID for the user, but why would this be? How troubleshoot & fix it, ideally without system reboot? many thanks, L.

1 month, 1 week

4
11
0 / 0

2025

2024

2023

2022

2021

2020

2019

Podman July 2025