Releases: containers/podman
Releases · containers/podman
v5.5.0-RC2
v5.5.0-rc2
This tag was signed with the committer’s verified signature.
The key has expired.
mheon
Matt Heon
3c4cf52
This commit was signed with the committer’s verified signature.
The key has expired.
mheon
Matt Heon
This is the second release candidate of Podman v5.5.0. Preliminary release notes follow:
Features
- A new command has been added,
podman machine cp, to copy files into a runningpodman machineVM. - A new command has been added,
podman artifact extract, to copy some or all of the contents of an OCI artifact to a location on disk. - The
--mountoption topodman create,podman run, andpodman pod createnow supports a new mount type,--mount type=artifact, to mount OCI artifacts into containers. - The
podman artifact addcommand now features two new options,--append(to add new files to an existing artifact) and--file-type(to specify the MIME type of the file added to the artifact) (#25884). - The
podman artifact rmcommand now features a new option,--all, to remove all artifacts in the local store. - The
--filteroption topodman pause,podman ps,podman restart,podman rm,podman start,podman stop, andpodman unpausenow accepts a new filter,command, which filters on the first element (argv[0]) of the command run in the container. - The
podman execcommand now supports a new option,--cidfile, to specify the ID of the container to exec into via a file (#21256). - The
podman kube generateandpodman kube playcommands now supports a new annotation,io.podman.annotation.pids-limit/$containername, preserving the PID limit for containers acrosskube generateandkube play(#24418). - Quadlet
.containerunits now support three new keys,Memory=(set maximum memory for the created container),ReloadCmd(execute a command via systemdExecReload), andReloadSignal(kill the container with the given signal via systemdExecReload) (#22036). - Quadlet
.container,.image, and.buildunits now support two new keys,Retry(number of times to retry pulling image on failure) andRetryDelay(delay between retries) (#25109). - Quadlet
.podunits now support a new key,HostName=, to set the pod's hostname (#25639). - Quadlet files now support a new option,
UpheldBy, in theInstallsection, corresponding to the systemdUpholdsoption. - The names of Quadlet units specified as systemd dependencies are now automatically translated - e.g.
Wants=my.containeris now valid. - Podman now generates events for the creation and removal of secrets (#24030).
- A new global option has been added to Podman,
--cdi-spec-dir, to specify additional search paths for CDI specs to the CDI loader (#18292 and #25691). - The
podman buildcommand now supports a new option,--inherit-labels(defaults to true), which controls whether labels are inherited from the base image or base stages. - The
podman updatecommand now supports two new options,--envand--unsetenv, to alter the environment variables of existing containers (#24875).
Breaking Changes
- Due to changes in Docker API types, two small breaking changes have been made in the Go bindings for the REST API. The
containers.Commit()function now returns a new struct (types.IDResponse) with identical contents, and thecontainers.ExecCreatefunction'shandlers.ExecCreateConfigparameter now contains a different embedded struct, potentially requiring changes to how it is assigned to.
Changes
- Podman now requires at least Go 1.23 to build.
- Healthchecks have been refactored to avoid writing to the database as much as possible, greatly improving performance on systems with many simultaneous healthchecks running.
- Healthchecks now have a new status,
stopped, which is reported if the container the healthcheck was run on stopped before the check could be completed (#25276). - Containers in pods are now stopped in order based on their dependencies, with the infra container being stopped last, preventing application containers from losing networking before they are stopped due to the infra container stopping prematurely.
- Due to challenges with handling automatic installation, the Windows installer no longer installs WSLv2 or Hyper-V.
- Quadlet will now print warnings when skipping lines to help identify malformed Quadlet files (#25339).
- Creating
podman machineVMs with a host mount over the VM's/tmpdirectory is no longer allowed (#18230). - The
podman logscommand now allows options to be specified after the container name (e.g.podman logs $containername --follow) (#25653). - Podman, by default, no longer uses a pause image for pod infra and service containers. Instead, a root filesystem containing only the
catatonitbinary will be used (#23292). - The
podman system resetcommand no longer removes the user'spodman.sockAPI socket. - When using Netavark v1.15 and higher, containers in non-default networks will no longer have the default search domain
dns.podmanadded. Queries resolving such names will still work. - Stopping a Quadlet
.networkunit will now delete the network (if no containers are actively using it) (#23678). - For security hardening, the
/proc/interruptsand/sys/devices/system/cpu/$CPU/thermal_throttlepaths are now masked by default in containers (#25634).
Bugfixes
- Fixed a bug where healthchecks would still run while a container was paused (#24590).
- Fixed a bug where the remote Podman client on Windows could not mount named volumes with a single-character name into containers (#25218).
- Fixed a bug where mounting an image could panic when run without
CAP_SYS_ADMIN(#25241). - Fixed a bug where Podman would not report errors when setting up healthchecks (#25034).
- Fixed a bug where the
podman execcommand would not add the additional groups of the user the exec session was run as unless the user was explicitly added with the--useroption (#25610). - Fixed a bug where errors during the
podman network connectandpodman network disconnectcommands could create errors in the database which would causepodman inspecton the container to fail. - Fixed a bug where the
podman kube generatecommand did not correctly generate YAML for volume mounts using a subpath. - Fixed a bug where the
podman system dfcommand could show a negative reclaimable size. - Fixed a bug where accessing a rootful
podman machineVM that was notpodman-machine-default(the default VM) with thepodman machine sshcommand would put the user into the rootless shell (#25332). - Fixed a bug where the
podman machine initwould report nonsensical memory values in error messages when trying to create a machine with more memory than the system. - Fixed a bug where the remote Podman client's
podman start --attachcommand would incorrectly print an error when run on a container created with the--rmoption (#25965). - Fixed a bug where the remote Podman client's
podman pullcommand could hang and leak memory if the server was unexpectedly stopped or encountered an error during a pull. - Fixed a bug where the remote Podman client's
podman cpcommand would, on Windows, often fail to copy files into the container due to improper handling of Windows paths (#14862). - Fixed a bug where the
podman container clonecommand did not correctly copy healthcheck settings to the new container (#21630). - Fixed a bug where the
podman kube playcommand would fail to start empty pods (#25786). - Fixed a bug where the
podman volume lscommand did not output headers when no volumes were present (#25911). - Fixed a bug where healthcheck configuration provided by a container's image could not be overridden unless the
--health-cmdoption was specified when creating the container (#20212). - Fixed a bug where the
--useroption topodman createandpodman runcould not be used with users added to the container by the--hostuseroption (#25805). - Fixed a bug where the
podman system resetcommand on FreeBSD would incorrectly print an error. - Fixed a bug where stopping the
podman machine startcommand with SIGINT could result in machine state being incorrectly set to "Starting" (#24416).
API
- Fixed a bug where the Compat Create API for Containers ignored ulimits specified in the request when Podman was run rootless (#25881).
Misc
- Erroneous errors from the
ExecStartAndAttach()function ...
v5.5.0-RC1
v5.5.0-rc1
This tag was signed with the committer’s verified signature.
ashley-cui
Ashley Cui
6a597e0
This commit was signed with the committer’s verified signature.
ashley-cui
Ashley Cui
Features
- A new command has been added,
podman machine cp, to copy files into a runningpodman machineVM. - A new command has been added,
podman artifact extract, to copy some or all of the contents of an OCI artifact to a location on disk. - The
--mountoption topodman create,podman run, andpodman pod createnow supports a new mount type,--mount type=artifact, to mount OCI artifacts into containers. - The
podman artifact addcommand now features two new options,--append(to add new files to an existing artifact) and--file-type(to specify the MIME type of the file added to the artifact) (#25884). - The
podman artifact rmcommand now features a new option,--all, to remove all artifacts in the local store. - The
--filteroption topodman pause,podman ps,podman restart,podman rm,podman start,podman stop, andpodman unpausenow accepts a new filter,command, which filters on the first element (argv[0]) of the command run in the container. - The
podman execcommand now supports a new option,--cidfile, to specify the ID of the container to exec into via a file (#21256). - The
podman kube generateandpodman kube playcommands now supports a new annotation,io.podman.annotation.pids-limit/$containername, preserving the PID limit for containers acrosskube generateandkube play(#24418). - Quadlet
.containerunits now support three new keys,Memory=(set maximum memory for the created container),ReloadCmd(execute a command via systemdExecReload), andReloadSignal(kill the container with the given signal via systemdExecReload) (#22036). - Quadlet
.container,.image, and.buildunits now support two new keys,Retry(number of times to retry pulling image on failure) andRetryDelay(delay between retries) (#25109). - Quadlet
.podunits now support a new key,HostName=, to set the pod's hostname (#25639). - Quadlet files now support a new option,
UpheldBy, in theInstallsection, corresponding to the systemdUpholdsoption. - The names of Quadlet units specified as systemd dependencies are now automatically translated - e.g.
Wants=my.containeris now valid. - Podman now generates events for the creation and removal of secrets (#24030).
- A new global option has been added to Podman,
--cdi-spec-dir, to specify additional search paths for CDI specs to the CDI loader (#18292 and #25691). - The
podman buildcommand now supports a new option,--inherit-labels(defaults to true), which controls whether labels are inherited from the base image or base stages. - The
podman updatecommand now supports two new options,--envand--unsetenv, to alter the environment variables of existing containers (#24875).
Breaking Changes
- Due to changes in Docker API types, two small breaking changes have been made in the Go bindings for the REST API. The
containers.Commit()function now returns a new struct (types.IDResponse) with identical contents, and thecontainers.ExecCreatefunction'shandlers.ExecCreateConfigparameter now contains a different embedded struct, potentially requiring changes to how it is assigned to.
Changes
- Podman now requires at least Go 1.23 to build.
- Healthchecks have been refactored to avoid writing to the database as much as possible, greatly improving performance on systems with many simultaneous healthchecks running.
- Healthchecks now have a new status,
stopped, which is reported if the container the healthcheck was run on stopped before the check could be completed (#25276). - Containers in pods are now stopped in order based on their dependencies, with the infra container being stopped last, preventing application containers from losing networking before they are stopped due to the infra container stopping prematurely.
- Due to challenges with handling automatic installation, the Windows installer no longer installs WSLv2 or Hyper-V.
- Quadlet will now print warnings when skipping lines to help identify malformed Quadlet files (#25339).
- Creating
podman machineVMs with a host mount over the VM's/tmpdirectory is no longer allowed (#18230). - The
podman logscommand now allows options to be specified after the container name (e.g.podman logs $containername --follow) (#25653). - Podman, by default, no longer uses a pause image for pod infra and service containers. Instead, a root filesystem containing only the
catatonitbinary will be used (#23292). - The
podman system resetcommand no longer removes the user'spodman.sockAPI socket. - When using Netavark v1.15 and higher, containers in non-default networks will no longer have the default search domain
dns.podmanadded. Queries resolving such names will still work. - Stopping a Quadlet
.networkunit will now delete the network (if no containers are actively using it) (#23678). - For security hardening, the
/proc/interruptsand/sys/devices/system/cpu/$CPU/thermal_throttlepaths are now masked by default in containers (#25634).
Bugfixes
- Fixed a bug where healthchecks would still run while a container was paused (#24590).
- Fixed a bug where the remote Podman client on Windows could not mount named volumes with a single-character name into containers (#25218).
- Fixed a bug where mounting an image could panic when run without
CAP_SYS_ADMIN(#25241). - Fixed a bug where Podman would not report errors when setting up healthchecks (#25034).
- Fixed a bug where the
podman execcommand would not add the additional groups of the user the exec session was run as unless the user was explicitly added with the--useroption (#25610). - Fixed a bug where errors during the
podman network connectandpodman network disconnectcommands could create errors in the database which would causepodman inspecton the container to fail. - Fixed a bug where the
podman kube generatecommand did not correctly generate YAML for volume mounts using a subpath. - Fixed a bug where the
podman system dfcommand could show a negative reclaimable size. - Fixed a bug where accessing a rootful
podman machineVM that was notpodman-machine-default(the default VM) with thepodman machine sshcommand would put the user into the rootless shell (#25332). - Fixed a bug where the
podman machine initwould report nonsensical memory values in error messages when trying to create a machine with more memory than the system. - Fixed a bug where the remote Podman client's
podman cpcommand would, on Windows, often fail to copy files into the container due to improper handling of Windows paths (#14862). - Fixed a bug where the
podman container clonecommand did not correctly copy healthcheck settings to the new container (#21630). - Fixed a bug where the
podman kube playcommand would fail to start empty pods (#25786). - Fixed a bug where the
podman volume lscommand did not output headers when no volumes were present (#25911). - Fixed a bug where healthcheck configuration provided by a container's image could not be overridden unless the
--health-cmdoption was specified when creating the container (#20212). - Fixed a bug where the
--useroption topodman createandpodman runcould not be used with users added to the container by the--hostuseroption (#25805).
API
- Fixed a bug where the Compat Create API for Containers ignored ulimits specified in the request when Podman was run rootless (#25881).
Misc
- Erroneous errors from the
ExecStartAndAttach()function in the Go bindings for the REST API have been silenced, where the function would incorrectly report errors when stdin was consumed after the exec session was stopped (#25344). - Updated Buildah to v1.40.0
- Updated the containers/common library to v0.63.0
- Updated the containers/image library to v5.35.0
- Updated the containers/storage library to v1.58.0
v5.4.2
v5.4.2
This tag was signed with the committer’s verified signature.
The key has expired.
mheon
Matt Heon
be85287
This commit was signed with the committer’s verified signature.
The key has expired.
mheon
Matt Heon
Bugfixes
- Fixed a bug where the
podman importcommand could not import images compressed with algorithms other than gzip (#25593). - Fixed a bug where the
podman cpcommand could deadlock when copying into a non-empty volume on a container that is not running (#25585).
API
- Fixed a bug where the default values for some fields in the Libpod Create endpoint for Containers did not have sensible defaults for some healthcheck fields, causing unrestricted log growth for containers which did not set these fields (#25473).
Misc
- Updated vendored Buildah to v1.39.4
- Updated the containers/common library to v0.62.3
- Updated the containers/image library to v5.34.3
- Updated the containers/storage library to v1.57.2
v5.4.1
v5.4.1
This tag was signed with the committer’s verified signature.
The key has expired.
mheon
Matt Heon
b79bc8a
This commit was signed with the committer’s verified signature.
The key has expired.
mheon
Matt Heon
Bugfixes
- Fixed a bug where volume quotas were not being applied (#25368).
- Fixed a bug where the
--pid-limit=-1option did not function properly with containers using theruncOCI runtime. - Fixed a bug where the
podman artifact pullcommand did not respect the--retry-delayoption. - Fixed a bug where Podman would leak a file and directory for every container created.
- Fixed a bug where the
podman waitcommand would sometimes error when waiting for a container set to auto-remove. - Fixed a bug where Quadlet
.kubeunits would not report an error (and stay running) even when a pod failed to start (#20667).
API
- Fixed a bug where the Compat DF endpoint did not correctly report total size of all images.
Misc
- Updated Buildah to v1.39.2
- Updated the containers/common library to v0.62.1
- Updated the containers/image library to v5.34.1
v5.4.0
v5.4.0
This tag was signed with the committer’s verified signature.
The key has expired.
mheon
Matt Heon
Features
- A preview of Podman's support for OCI artifacts has been added through the
podman artifactsuite of commands, includingadd,inspect,ls,pull,push, andrm. This support is very early and not fully complete, and the command line interface for these tools has not been finalized. We welcome feedback on the new artifact experience through our issue tracker! - The
podman updatecommand now supports a wide variety of options related to healthchecks (including--health-cmdto define a new healthcheck and--no-healthcheckto disable an existing healthcheck), allowing healthchecks to be added to, removed from, and otherwise updated on existing containers. You can find full details on the 15 added options in the manpage. - The
--mount type=volumeoption for thepodman run,podman create, andpodman volume createcommands now supports a new option,subpath=, to make only a subset of the volume visible in the container (#20661). - The
--userns=keep-idoption for thepodman run,podman create, andpodman pod createcommands now supports a new option,--userns=keep-id:size=, to configure the size of the user namespace (#24387). - The
podman kube playcommand now supports Container Device Interface (CDI) devices (#17833). - The
podman machine initcommand now supports a new option,--playbook, to run an Ansible playbook in the created VM on first boot for initial configuration. - Quadlet
.podfiles now support a new field,ShmSize, to specify the size of the pod's shared SHM (#22915). - The
podman run,podman create, andpodman pod createcommands now support a new option,--hosts-file, to define the base file used for/etc/hostsin the container. - The
podman run,podman create, andpodman pod createcommands now support a new option,--no-hostname, which disables the creation of/etc/hostnamein the container (#25002). - The
podman network createcommand now supports a new option forbridgenetworks,--opt mode=unmanaged, which allows Podman to use an existing network bridge on the system without changes. - The
--networkoption topodman run,podman create, andpodman pod createnow accepts a new option forbridgenetworks,host_interface_name, which specifies a name for the network interface created outside the container. - The
podman manifest rmcommand now supports a new option,--ignore, to not error when removing manifests that do not exist. - The
podman system prunecommand now supports a new option,--build, to remove build containers leftover from prematurely terminated builds. - The
podman eventscommand now generates events for the creation and removal of networks (#24032).
Breaking Changes
- Due to a lack of availability of hardware to test on, the Podman maintainers are no longer capable of providing full support for Podman on Intel Macs. Binaries and machine images will still be produced, and pull requests related to MacOS on Intel systems will still be merged, but bugs will be fixed on a best effort basis only. We welcome any potential new maintainers who would be able to assist in restoring full support.
- Quadlet previously incorrectly allowed
:as a character to define comments. This was a mistake; developer intent and documentation was that#and;were to be used as comment characters instead, matching systemd. This has been corrected, and semicolons now define comments instead of colons.
Changes
- Podman now passes container hostnames to Netavark, which will use them for any DHCP requests for the container.
- Partial pulls of
zstd:chunkedimages now only happen for images that have aRootFS.DiffIDentry in the image's OCI config JSON, and require the layer contents to match. This resolves issues with image ID ambiguity when partial pulls were enabled. - Packagers can now set the
BUILD_ORIGINenvironment variable when building podman from theMakefile. This provides information on who built the Podman binary, and is displayed inpodman versionandpodman info. This will help upstream bug reports, allowing maintainers to trace how and where the binary was built and installed from.
Bugfixes
- Fixed a bug where
podman machineVMs on WSL could fail to start when using usermode networking could fail to start due to a port conflict (#20327). - Fixed a bug where overlay mounts could not be made at paths where the image specifies a volume (#24555).
- Fixed a bug where the
podman buildcommand did not honor theno_pivot_rootsetting fromcontainers.conf(#24546). - Fixed a bug where volumes would have the wrong permissions if
podman cpwas used to copy into a fresh volume in a container that had never been started. - Fixed a bug where using
podman cpto copy into a named volume requiring a mount (image volumes, volumes backed by a volume plugin, or other volumes with options) would fail when the container being copied into was stopped. - Fixed a bug where rlimits would be set incorrectly when Podman was run as root but without
CAP_SYS_RESOURCE(#24692). - Fixed a bug where the
podman stats --allcommand would fail if a container started with--cgroups=nonewas present (#24632). - Fixed a bug where the
podman infocommand would only return details on one image store even if additional image stores were configured instorage.conf. - Fixed a bug where the
podman updatecommand could reset resource limits that were not being modified to default (#24610). - Fixed a bug where the remote Podman client's
podman updatecommand could not update resource limits on devices mounted into the container (#24734). - Fixed a bug where the
podman manifest annotatecommand could panic when the--indexoption was used (#24750). - Fixed a bug where a Quadlet container reusing another container's network could cause errors if the second container was not already running.
- Fixed a bug where Quadlet files containing lines with a trailing backslash could cause an infinite loop during parsing (#24810).
- Fixed a bug where Quadlet would, when run as a non-root user, not generate for files in subfolders of
/etc/containers/systemd/users/(#24783). - Fixed a bug where values in Quadlet files containing octal escape sequences were incorrectly unescaped.
- Fixed a bug where
podman generate kubecould generate persistent volumes with mixed-case names or names containing an underscore, which are not supported by Kubernetes (#16542). - Fixed a bug where the
ptmxmodeoption to--mount type=devptsdid not function. - Fixed a bug where shell completion on Windows would include
.exein the executable name, breaking completion on some shells. - Fixed a bug where the output of
podman inspecton containers did not include the ID of the network the container was joined to, improving Docker compatibility (#24910). - Fixed a bug where containers created with the remote API incorrectly included a create command (#25026).
- Fixed a bug where it was possible to specify the
libkrunbackend for VMs on Intel Macs (libkrunonly supports Arm systems). - Fixed a bug where
libkrunandapplehvVMs frompodman machinecould be started at the same time on Macs (#25112). - Fixed a bug where
podman execcommands could not detach from the exec session using the detach keys (#24895). - Fixed a bug where Podman would fail to start due to a database configuration mismatch when certain fields were configured to the empty string (#24738).
API
- The Compat and Libpod Build APIs for Images now support a new query parameter,
nohosts, which (when set to true) does not create/etc/hostsin the image when building. - Fixed a bug where the Compat Create API for Containers did not honor CDI devices, preventing (among other things) the use of GPUs with
docker compose(#19338).
Misc
- The Docker alias script has been fixed to better handle variable substitution.
- Fixed a bug where
podman-restart.servicefunctioned incorrectly when no containers were present. - Updated Buildah to v1.39.0
- Updated the containers/common library to v0.62.0
- Updated the containers/storage library to v1.57.1
- Updated the containers/image library to v5.34.0
v5.4.0-RC3
v5.4.0-rc3
This tag was signed with the committer’s verified signature.
The key has expired.
mheon
Matt Heon
This is the final release candidate for Podman v5.4.0. Preliminary release notes follow:
Features
- A preview of Podman's support for OCI artifacts has been added through the
podman artifactsuite of commands, includingadd,inspect,ls,pull,push, andrm. This support is very early and not fully complete, and the command line interface for these tools has not been finalized. We welcome feedback on the new artifact experience through our issue tracker! - The
podman updatecommand now supports a wide variety of options related to healthchecks (including--health-cmdto define a new healthcheck and--no-healthcheckto disable an existing healthcheck), allowing healthchecks to be added to, removed from, and otherwise updated on existing containers. You can find full details on the 15 added options in the manpage. - The
--mount type=volumeoption for thepodman run,podman create, andpodman volume createcommands now supports a new option,subpath=, to make only a subset of the volume visible in the container (#20661). - The
--userns=keep-idoption for thepodman run,podman create, andpodman pod createcommands now supports a new option,--userns=keep-id:size=, to configure the size of the user namespace (#24387). - The
podman kube playcommand now supports Container Device Interface (CDI) devices (#17833). - The
podman machine initcommand now supports a new option,--playbook, to run an Ansible playbook in the created VM on first boot for initial configuration. - Quadlet
.podfiles now support a new field,ShmSize, to specify the size of the pod's shared SHM (#22915). - The
podman run,podman create, andpodman pod createcommands now support a new option,--hosts-file, to define the base file used for/etc/hostsin the container. - The
podman run,podman create, andpodman pod createcommands now support a new option,--no-hostname, which disables the creation of/etc/hostnamein the container (#25002). - The
podman network createcommand now supports a new option forbridgenetworks,--opt mode=unmanaged, which allows Podman to use an existing network bridge on the system without changes. - The
--networkoption topodman run,podman create, andpodman pod createnow accepts a new option forbridgenetworks,host_interface_name, which specifies a name for the network interface created outside the container. - The
podman manifest rmcommand now supports a new option,--ignore, to not error when removing manifests that do not exist. - The
podman system prunecommand now supports a new option,--build, to remove build containers leftover from prematurely terminated builds. - The
podman eventscommand now generates events for the creation and removal of networks (#24032).
Breaking Changes
- Due to a lack of availability of hardware to test on, the Podman maintainers are no longer capable of providing full support for Podman on Intel Macs. Binaries and machine images will still be produced, and pull requests related to MacOS on Intel systems will still be merged, but bugs will be fixed on a best effort basis only. We welcome any potential new maintainers who would be able to assist in restoring full support.
- Quadlet previously incorrectly allowed
:as a character to define comments. This was a mistake; developer intent and documentation was that#and;were to be used as comment characters instead, matching systemd. This has been corrected, and semicolons now define comments instead of colons.
Changes
- Podman now passes container hostnames to Netavark, which will use them for any DHCP requests for the container.
- Partial pulls of
zstd:chunkedimages now only happen for images that have aRootFS.DiffIDentry in the image's OCI config JSON, and require the layer contents to match. This resolves issues with image ID ambiguity when partial pulls were enabled. - Packagers can now set the
BUILD_ORIGINenvironment variable when building podman from theMakefile. This provides information on who built the Podman binary, and is displayed inpodman versionandpodman info. This will help upstream bug reports, allowing maintainers to trace how and where the binary was built and installed from.
Bugfixes
- Fixed a bug where
podman machineVMs on WSL could fail to start when using usermode networking could fail to start due to a port conflict (#20327). - Fixed a bug where overlay mounts could not be made at paths where the image specifies a volume (#24555).
- Fixed a bug where the
podman buildcommand did not honor theno_pivot_rootsetting fromcontainers.conf(#24546). - Fixed a bug where volumes would have the wrong permissions if
podman cpwas used to copy into a fresh volume in a container that had never been started. - Fixed a bug where using
podman cpto copy into a named volume requiring a mount (image volumes, volumes backed by a volume plugin, or other volumes with options) would fail when the container being copied into was stopped. - Fixed a bug where rlimits would be set incorrectly when Podman was run as root but without
CAP_SYS_RESOURCE(#24692). - Fixed a bug where the
podman stats --allcommand would fail if a container started with--cgroups=nonewas present (#24632). - Fixed a bug where the
podman infocommand would only return details on one image store even if additional image stores were configured instorage.conf. - Fixed a bug where the
podman updatecommand could reset resource limits that were not being modified to default (#24610). - Fixed a bug where the remote Podman client's
podman updatecommand could not update resource limits on devices mounted into the container (#24734). - Fixed a bug where the
podman manifest annotatecommand could panic when the--indexoption was used (#24750). - Fixed a bug where a Quadlet container reusing another container's network could cause errors if the second container was not already running.
- Fixed a bug where Quadlet files containing lines with a trailing backslash could cause an infinite loop during parsing (#24810).
- Fixed a bug where Quadlet would, when run as a non-root user, not generate for files in subfolders of
/etc/containers/systemd/users/(#24783). - Fixed a bug where values in Quadlet files containing octal escape sequences were incorrectly unescaped.
- Fixed a bug where
podman generate kubecould generate persistent volumes with mixed-case names or names containing an underscore, which are not supported by Kubernetes (#16542). - Fixed a bug where the
ptmxmodeoption to--mount type=devptsdid not function. - Fixed a bug where shell completion on Windows would include
.exein the executable name, breaking completion on some shells. - Fixed a bug where the output of
podman inspecton containers did not include the ID of the network the container was joined to, improving Docker compatibility (#24910). - Fixed a bug where containers created with the remote API incorrectly included a create command (#25026).
- Fixed a bug where it was possible to specify the
libkrunbackend for VMs on Intel Macs (libkrunonly supports Arm systems). - Fixed a bug where
libkrunandapplehvVMs frompodman machinecould be started at the same time on Macs (#25112). - Fixed a bug where
podman execcommands could not detach from the exec session using the detach keys (#24895).
API
- The Compat and Libpod Build APIs for Images now support a new query parameter,
nohosts, which (when set to true) does not create/etc/hostsin the image when building. - Fixed a bug where the Compat Create API for Containers did not honor CDI devices, preventing (among other things) the use of GPUs with
docker compose(#19338).
Misc
- The Docker alias script has been fixed to better handle variable substitution.
- Fixed a bug where
podman-restart.servicefunctioned incorrectly when no containers were present. - Updated Buildah to v1.39.0
- Updated the containers/common library to v0.62.0
- Updated the containers/storage library to v1.57.1
- Updated the containers/image library to v5.34.0
v5.4.0-RC2
v5.4.0-rc2
This tag was signed with the committer’s verified signature.
The key has expired.
mheon
Matt Heon
This is the second release candidate for Podman v5.4.0. Preliminary release notes follow.
Features
- A preview of Podman's support for OCI artifacts has been added through the
podman artifactsuite of commands, includingadd,inspect,ls,pull,push, andrm. This support is very early and not fully complete, and the command line interface for these tools has not been finalized. We welcome feedback on the new artifact experience through our issue tracker! - The
podman updatecommand now supports a wide variety of options related to healthchecks (including--health-cmdto define a new healthcheck and--no-healthcheckto disable an existing healthcheck), allowing healthchecks to be added to, removed from, and otherwise updated on existing containers. You can find full details on the 15 added options in the manpage. - The
--mount type=volumeoption for thepodman run,podman create, andpodman volume createcommands now supports a new option,subpath=, to make only a subset of the volume visible in the container (#20661). - The
--userns=keep-idoption for thepodman run,podman create, andpodman pod createcommands now supports a new option,--userns=keep-id:size=, to configure the size of the user namespace (#24387). - The
podman kube playcommand now supports Container Device Interface (CDI) devices (#17833). - Quadlet
.podfiles now support a new field,ShmSize, to specify the size of the pod's shared SHM (#22915). - The
podman run,podman create, andpodman pod createcommands now support a new option,--hosts-file, to define the base file used for/etc/hostsin the container. - The
podman run,podman create, andpodman pod createcommands now support a new option,--no-hostname, which disables the creation of/etc/hostnamein the container (#25002). - The
podman network createcommand now supports a new option forbridgenetworks,--opt mode=unmanaged, which allows Podman to use an existing network bridge on the system without changes. - The
--networkoption topodman run,podman create, andpodman pod createnow accepts a new option forbridgenetworks,host_interface_name, which specifies a name for the network interface created outside the container. - The
podman manifest rmcommand now supports a new option,--ignore, to not error when removing manifests that do not exist. - The
podman system prunecommand now supports a new option,--build, to remove build containers leftover from prematurely terminated builds. - The
podman eventscommand now generates events for the creation and removal of networks (#24032).
Breaking Changes
- Due to a lack of availability of hardware to test on, the Podman maintainers are no longer capable of providing full support for Podman on Intel Macs. Binaries and machine images will still be produced, and pull requests related to MacOS on Intel systems will still be merged, but bugs will be fixed on a best effort basis only. We welcome any potential new maintainers who would be able to assist in restoring full support.
- Quadlet previously incorrectly allowed
:as a character to define comments. This was a mistake; developer intent and documentation was that#and;were to be used as comment characters instead, matching systemd. This has been corrected, and semicolons now define comments instead of colons.
Changes
- Podman now passes container hostnames to Netavark, which will use them for any DHCP requests for the container.
- Partial pulls of
zstd:chunkedimages now only happen for images that have aRootFS.DiffIDentry in the image's OCI config JSON, and require the layer contents to match. This resolves issues with image ID ambiguity when partial pulls were enabled.
Bugfixes
- Fixed a bug where
podman machineVMs on WSL could fail to start when using usermode networking could fail to start due to a port conflict (#20327). - Fixed a bug where overlay mounts could not be made at paths where the image specifies a volume (#24555).
- Fixed a bug where the
podman buildcommand did not honor theno_pivot_rootsetting fromcontainers.conf(#24546). - Fixed a bug where volumes would have the wrong permissions if
podman cpwas used to copy into a fresh volume in a container that had never been started. - Fixed a bug where using
podman cpto copy into a named volume requiring a mount (image volumes, volumes backed by a volume plugin, or other volumes with options) would fail when the container being copied into was stopped. - Fixed a bug where rlimits would be set incorrectly when Podman was run as root but without
CAP_SYS_RESOURCE(#24692). - Fixed a bug where the
podman stats --allcommand would fail if a container started with--cgroups=nonewas present (#24632). - Fixed a bug where the
podman infocommand would only return details on one image store even if additional image stores were configured instorage.conf. - Fixed a bug where the
podman updatecommand could reset resource limits that were not being modified to default (#24610). - Fixed a bug where the remote Podman client's
podman updatecommand could not update resource limits on devices mounted into the container (#24734). - Fixed a bug where the
podman manifest annotatecommand could panic when the--indexoption was used (#24750). - Fixed a bug where a Quadlet container reusing another container's network could cause errors if the second container was not already running.
- Fixed a bug where Quadlet files containing lines with a trailing backslash could cause an infinite loop during parsing (#24810).
- Fixed a bug where Quadlet would, when run as a non-root user, not generate for files in subfolders of
/etc/containers/systemd/users/(#24783). - Fixed a bug where values in Quadlet files containing octal escape sequences were incorrectly unescaped.
- Fixed a bug where
podman generate kubecould generate persistent volumes with mixed-case names or names containing an underscore, which are not supported by Kubernetes (#16542). - Fixed a bug where the
ptmxmodeoption to--mount type=devptsdid not function. - Fixed a bug where shell completion on Windows would include
.exein the executable name, breaking completion on some shells. - Fixed a bug where the output of
podman inspecton containers did not include the ID of the network the container was joined to, improving Docker compatibility (#24910). - Fixed a bug where containers created with the remote API incorrectly included a create command (#25026).
- Fixed a bug where it was possible to specify the
libkrunbackend for VMs on Intel Macs (libkrunonly supports Arm systems).
API
- The Compat and Libpod Build APIs for Images now support a new query parameter,
nohosts, which (when set to true) does not create/etc/hostsin the image when building.
Misc
- The Docker alias script has been fixed to better handle variable substitution.
- Fixed a bug where
podman-restart.servicefunctioned incorrectly when no containers were present.
v5.4.0-RC1
v5.4.0-rc1
This tag was signed with the committer’s verified signature.
The key has expired.
mheon
Matt Heon
1b3528d
This commit was signed with the committer’s verified signature.
The key has expired.
mheon
Matt Heon
This is the first release candidate of Podman v5.4.0. Full release notes will be available with RC2 next week.
v5.3.2
v5.3.2
This tag was signed with the committer’s verified signature.
The key has expired.
mheon
Matt Heon
85043bb
This commit was signed with the committer’s verified signature.
The key has expired.
mheon
Matt Heon
Security
- This release contains Buildah v1.38.1 which addresses CVE-2024-11218
Bugfixes
- Fixed a bug where Quadlet
.buildfiles could create an invalid podman command line whenPull=was used (#24599). - Fixed a bug where the Mac installer did not install the Podman manpages (#24756).
Misc
- Updated Buildah to v1.38.1
- Updated the containers/common library to v0.61.1
- Updated the containers/storage library to v1.56.1
- Updated the containers/image library to v5.33.1
v5.3.1
v5.3.1
This tag was signed with the committer’s verified signature.
The key has expired.
mheon
Matt Heon
- Fixed a bug where the
--ignition-pathoption topodman machine initwould prevent creation of necessary files for the VM, rendering it unusable (#23544). - Fixed a bug where rootless containers using the
bridgenetworking mode would be unable to start due to a panic caused by a nil pointer dereference (#24566). - Fixed a bug where Podman containers would try to set increased rlimits when started in a user namespace, rendering containers unable to start (#24508).
- Fixed a bug where certain SSH configurations would make the remote Podman client unable to connect to the server (#24567).
- Fixed a bug where the Windows installer could install WSLv2 when upgrading an existing Podman installation that used the Hyper-V virtualization backend.