v4.8.0-RC1
Pre-release
Pre-release
Features
- Podman machine now supports HyperV as a provider on Windows. This option can be set via the
CONTAINERS_MACHINE_PROVIDER
environment variable, or via containers.conf. HyperV requires Powershell to be run as Admin. Note that running WSL and HyperV machines at the same time is not supported. - The
podman login
andpodman logout
commands now support a new option,--compat-auth-file
, which allows for editing Docker-compatible config files (#18617). - The
podman machine init
andpodman machine set
commands now support a new option,--usb
, which sets allows USB passthrough for the QEMU provider (#16707). - The
--ulimit
option now supports setting -1 to indicate the maximum limit allowed for the current process (#19319). - The
podman play kube
command now supports theBUILDAH_ISOLATION
environment variable to change build isolation when the--build
option is set (#20024). - The
podman volume create
command now supports--opt o=size=XYZ
on tmpfs file systems (#20449). - The
podman info
command for remote calls now reports client information even if the remote connection is unreachable - Added a new field,
privileged
, to containers.conf, which sets the defaults for the--privileged
flag when creating, running or exec'ing into a container. - The
podman kube play
command now supports setting DefaultMode for volumes (#19313). - The
--opt
option to thepodman network create
command now accepts a new driver specific option,vrf
, which assigns a VRF to the bridge interface. - A new option
--rdt-class=COS
has been added to thepodman create
andpodman run
commands that enables assigning a container to a Class Of Service (COS). The COS has to be pre-configured based on a pseudo-filesystem created by the resctrl kernel driver that enables interacting with the Intel RDT CAT feature. - The
podman kube play
command now supports a new option,--publish-all
, which exposes all containerPorts on the host. - The --filter option now supports
label!=
, which filters for containers without the specified label.
Changes
- Podman now defaults to sqlite as its database backend. For backwards compatibility, if a boltdb database already exists on the system, Podman will continue using it.
- RHEL Subscriptions from the host now flow through to quay.io/podman/* images.
- The
--help
option to thepodman push
command now shows the compression algorithm used. - The remote Podman client’s
commit
command now shows progress messages (#19947). - The
podman kube play
command now sets the pod hostname to the node/machine name when hostNetwork=true in k8s yaml (#19321). - The
--tty,-t
option to thepodman exec
command now defines the TERM environment variable even if the container is not running with a terminal (#20334). - Podman now also uses the
helper_binaries_dir
option in containers.conf to lookup the init binary (catatonit). - Podman healthcheck events are now logged as notices.
- Podman machines no longer automatically update, preventing accidental service interruptions (#20122).
- The amount of CPUs a podman machine uses now defaults to available cores/2 (#17066).
- Podman machine now prohibits using provider names as machine names.
applehv
,qemu
,wsl
, andhyperv
are no longer valid Podman machine names
Quadlet
- Quadlet now supports the
UIDMap
,GIDMap
,SubUIDMap
, andSubGIDMap
options in .container files. - Fixed a bug where symlinks were not resolved in search paths (#20504).
- Quadlet now supports the
ReadOnlyTmpfs
option. - The VolatileTmpfs option is now deprecated.
- Quadlet now supports systemd specifiers in User and Group keys.
- Quadlet now supports
ImageName
for .image files. - Quadlet now supports a new option,
--force
, to the stop command. - Quadlet now supports the
oneshot
service type for .kube files, which allows yaml files without containers. - Quadlet now supports podman level arguments (#20246).
- Fixed a bug where Quadlet would crash when specifying non key-value options (#20104).
- Quadlet now removes anonymous volumes when removing a container (#20070).
- Quadlet now supports a new unit type,
.image
.
Bugfixes
- Fixed a bug where mounted volumes on Podman machines on MacOS would have a max open files limit (#16106).
- Fixed a bug where setting both the
--uts
and--network
options tohost
did not fill /etc/hostname with the host's name (#20448). - Fixed a bug where the remote Podman client’s
build
command would incorrectly parse https paths (#20475). - Fixed a bug where running Docker Compose against a WSL podman machine would fail (#20373).
- Fixed a race condition where parallel tagging and untagging of images would fail (#17515).
- Fixed a bug where the
podman exec
command would leak sessions when the specified command does not existFixed a bug where thepodman exec
command would leak sessions when the specified command does not exist (#20392). - Fixed a bug where the
podman history
command did not display the size of certain layers (#20375). - Fixed a bug where a container with a custom user namespace and
--restart always/on-failure
would not correctly cleanup the netnsm on restart, resulting in leaked ips and network namespaces (#18615). - Fixed a bug where remote calls to the
podman top
command would incorrectly parse options (#19176). - Fixed a bug where the
--read-only-tmpfs
option to thepodman run
command was incorrectly handled when the--read-only
option was set (#20225). - Fixed a bug where creating containers in parallel may cause a deadlock if both containers attempt to use the same named volume (#20313).
- Fixed a bug where a container restarted by the Podman service would occasionally not mount its storage (#17042).
- Fixed a bug where the
--filter
option to thepodman images
command would not correctly filter ids, digests, or intermediates (#19966). - Fixed a bug where setting the
--replace
option to thepodman run
command would print both the old and new container ID. Now, only the new container ID is printed. - Fixed a bug where the
podman machine ls
command would show Creation time as LastUp time for machines that have never been booted. Now, new machines showNever
, with the json value being ZeroTime. - Fixed a bug in the
podman build
command where the default pull policy was not set tomissing
(#20125). - Fixed a bug where setting the static or volume directory in
containers.conf
would lead to cleanup errors (#19938). - Fixed a bug where the
podman kube play
command exposed all containerPorts on the host (#17028). - Fixed a bug where the
podman farm update
command did not verify farm and connection existence before updating (#20080). - Fixed a bug where remote Podman calls would not honor the
--connection
option while theCONTAINER_HOST
environment variable was set. The active destination is not resolved with the correct priority, that is, CLI flags, env vars, ActiveService from containers.conf, RemoteURI (#15588). - Fixed a bug where the
--env-host
option was not honoring the default from containers.conf
API
- Fixed a bug in the Compat Image Prune endpoint where the dangling filter was set twice (#20469).
- Fixed a bug in the Compat API where attempting to connect a container to a network while the connection already exists returned a 200 status code. It now correctly returns a 500 error code.
- Fixed a bug in the Compat API where some responses would not have compatible error details if progress data had not been sent yet (#20013).
- The Libpod Pull endpoint now supports a new option, compatMode which causes the streamed JSON payload to be identical to the Compat endpoint.
- Fixed a bug in the Libpod Container Create endpoint where it would return an incorrect status code if the image was not found. The endpoint now correctly returns 404.
- The Compat Network List endpoint should see a significant performance improvement (#20035).
Misc
- Updated Buildah to v1.33.1
- Updated the containers/storage library to v1.51.0
- Updated the containers/image library to v5.29.0
- Updated the containers/common library to v0.57.0
- Updated the containers/libhvee library to v0.5.0
- Updated the Mac pkginstaller QEMU to v8.0.0
- Podman Machine now runs with gvproxy v0.7.1