Releases: containers/podman
Releases · containers/podman
v4.8.3
Security
- Fixed GHSA-45x7-px36-x8w8: CVE-2023-48795 by vendoring golang.org/x/crypto v0.17.0.
v4.8.2
Bugfixes
- Fixed a bug in the MacOS pkginstaller where Podman machine was using a different QEMU binary than the one installed using the installer, if it existed on the system (#20808).
- Fixed a bug on Windows (WSL) with the first-time install of user-mode networking when using the init command, as opposed to set (#20921).
Quadlet
- Fixed a bug where Kube image build failed when starting service with missing image (#20432).
v4.8.1
Bugfixes
- Fixed a bug on Windows (WSL) where wsl.conf/resolv.conf was not restored when user-mode networking was disabled after being enabled (#20625).
- Fixed a bug where currently if user specifies
podman kube play --replace, the pod is removed on the client side, not the server side (#20705). - Fixed a bug where
podman machine rm -fwould cause a deadlock when running with WSL. - Fixed
database is lockederrors with the new sqlite database backend (#20809). - Fixed a bug where
podman-remote execwould fail if the server API version is older than 4.8.0 (#20821). - Fixed a bug where Podman would not run any command on systems with a symlinked $HOME (#20872).
v4.8.0
v4.8.0
This tag was signed with the committer’s verified signature.
The key has expired.
ashley-cui
Ashley Cui
c4dfcf1
This commit was signed with the committer’s verified signature.
The key has expired.
ashley-cui
Ashley Cui
Features
- Podman machine now supports HyperV as a provider on Windows. This option can be set via the
CONTAINERS_MACHINE_PROVIDERenvironment variable, or via containers.conf. HyperV requires Powershell to be run as Admin. Note that running WSL and HyperV machines at the same time is not supported. - The
podman buildcommand now supports Containerfiles with heredoc syntax. - The
podman loginandpodman logoutcommands now support a new option,--compat-auth-file, which allows for editing Docker-compatible config files (#18617). - The
podman machine initandpodman machine setcommands now support a new option,--usb, which sets allows USB passthrough for the QEMU provider (#16707). - The
--ulimitoption now supports setting -1 to indicate the maximum limit allowed for the current process (#19319). - The
podman play kubecommand now supports theBUILDAH_ISOLATIONenvironment variable to change build isolation when the--buildoption is set (#20024). - The
podman volume createcommand now supports--opt o=size=XYZon tmpfs file systems (#20449). - The
podman infocommand for remote calls now reports client information even if the remote connection is unreachable - Added a new field,
privileged, to containers.conf, which sets the defaults for the--privilegedflag when creating, running or exec'ing into a container. - The
podman kube playcommand now supports setting DefaultMode for volumes (#19313). - The
--optoption to thepodman network createcommand now accepts a new driver specific option,vrf, which assigns a VRF to the bridge interface. - A new option
--rdt-class=COShas been added to thepodman createandpodman runcommands that enables assigning a container to a Class Of Service (COS). The COS has to be pre-configured based on a pseudo-filesystem created by the resctrl kernel driver that enables interacting with the Intel RDT CAT feature. - The
podman kube playcommand now supports a new option,--publish-all, which exposes all containerPorts on the host. - The --filter option now supports
label!=, which filters for containers without the specified label.
Upcoming Deprecations
- We are beginning development on Podman 5.0, which will include a number of breaking changes and deprecations. We are still finalizing what will be done, but a preliminary list is below. Please note that none of these changes are present in Podman 4.8; this is a preview of upcoming changes.
- Podman 5.0 will deprecate the BoltDB database backend. Exact details on the transition to SQLite are still being decided - expect more news here soon.
- The containers.conf configuration file will be broken up into multiple separate files, ensuring that it will never be rewritten by Podman.
- Support for the CNI network backend and Cgroups V1 are being deprecated and gated by build tags. They will not be enabled in Podman builds by default.
- A variety of small breaking changes to the REST API are planned, both to improve Docker compatibility and to better support
containers.confsettings when creating and managing containers.
Changes
- Podman now defaults to sqlite as its database backend. For backwards compatibility, if a boltdb database already exists on the system, Podman will continue using it.
- RHEL Subscriptions from the host now flow through to quay.io/podman/* images.
- The
--helpoption to thepodman pushcommand now shows the compression algorithm used. - The remote Podman client’s
commitcommand now shows progress messages (#19947). - The
podman kube playcommand now sets the pod hostname to the node/machine name when hostNetwork=true in k8s yaml (#19321). - The
--tty,-toption to thepodman execcommand now defines the TERM environment variable even if the container is not running with a terminal (#20334). - Podman now also uses the
helper_binaries_diroption in containers.conf to lookup the init binary (catatonit). - Podman healthcheck events are now logged as notices.
- Podman machines no longer automatically update, preventing accidental service interruptions (#20122).
- The amount of CPUs a podman machine uses now defaults to available cores/2 (#17066).
- Podman machine now prohibits using provider names as machine names.
applehv,qemu,wsl, andhypervare no longer valid Podman machine names
Quadlet
- Quadlet now supports the
UIDMap,GIDMap,SubUIDMap, andSubGIDMapoptions in .container files. - Fixed a bug where symlinks were not resolved in search paths (#20504).
- Quadlet now supports the
ReadOnlyTmpfsoption. - The VolatileTmpfs option is now deprecated.
- Quadlet now supports systemd specifiers in User and Group keys.
- Quadlet now supports
ImageNamefor .image files. - Quadlet now supports a new option,
--force, to the stop command. - Quadlet now supports the
oneshotservice type for .kube files, which allows yaml files without containers. - Quadlet now supports podman level arguments (#20246).
- Fixed a bug where Quadlet would crash when specifying non key-value options (#20104).
- Quadlet now removes anonymous volumes when removing a container (#20070).
- Quadlet now supports a new unit type,
.image.
Bugfixes
- Fixed a bug where mounted volumes on Podman machines on MacOS would have a max open files limit (#16106).
- Fixed a bug where setting both the
--utsand--networkoptions tohostdid not fill /etc/hostname with the host's name (#20448). - Fixed a bug where the remote Podman client’s
buildcommand would incorrectly parse https paths (#20475). - Fixed a bug where running Docker Compose against a WSL podman machine would fail (#20373).
- Fixed a race condition where parallel tagging and untagging of images would fail (#17515).
- Fixed a bug where the
podman execcommand would leak sessions when the specified command does not existFixed a bug where thepodman execcommand would leak sessions when the specified command does not exist (#20392). - Fixed a bug where the
podman historycommand did not display the size of certain layers (#20375). - Fixed a bug where a container with a custom user namespace and
--restart always/on-failurewould not correctly cleanup the netnsm on restart, resulting in leaked ips and network namespaces (#18615). - Fixed a bug where remote calls to the
podman topcommand would incorrectly parse options (#19176). - Fixed a bug where the
--read-only-tmpfsoption to thepodman runcommand was incorrectly handled when the--read-onlyoption was set (#20225). - Fixed a bug where creating containers in parallel may cause a deadlock if both containers attempt to use the same named volume (#20313).
- Fixed a bug where a container restarted by the Podman service would occasionally not mount its storage (#17042).
- Fixed a bug where the
--filteroption to thepodman imagescommand would not correctly filter ids, digests, or intermediates (#19966). - Fixed a bug where setting the
--replaceoption to thepodman runcommand would print both the old and new container ID. Now, only the new container ID is printed. - Fixed a bug where the
podman machine lscommand would show Creation time as LastUp time for machines that have never been booted. Now, new machines showNever, with the json value being ZeroTime. - Fixed a bug in the
podman buildcommand where the default pull policy was not set tomissing(#20125). - Fixed a bug where setting the static or volume directory in
containers.confwould lead to cleanup errors (#19938). - Fixed a bug where the
podman kube playcommand exposed all containerPorts on the host (#17028). - Fixed a bug where the
podman farm updatecommand did not verify farm and connection existence before updating (#20080). - Fixed a bug where remote Podman calls would not honor the
--connectionoption while theCONTAINER_HOSTenvironment variable was set. The active destination is not resolved with the correct priority, that is, CLI flags, env vars, ActiveService from containers.conf, RemoteURI (#15588). - Fixed a bug where the
--env-hostoption was not honoring the default from containers.conf
API
- Fixed a ...
v4.8.0-RC1
v4.8.0-rc1
This tag was signed with the committer’s verified signature.
The key has expired.
ashley-cui
Ashley Cui
ac1d54e
This commit was signed with the committer’s verified signature.
The key has expired.
ashley-cui
Ashley Cui
Features
- Podman machine now supports HyperV as a provider on Windows. This option can be set via the
CONTAINERS_MACHINE_PROVIDERenvironment variable, or via containers.conf. HyperV requires Powershell to be run as Admin. Note that running WSL and HyperV machines at the same time is not supported. - The
podman loginandpodman logoutcommands now support a new option,--compat-auth-file, which allows for editing Docker-compatible config files (#18617). - The
podman machine initandpodman machine setcommands now support a new option,--usb, which sets allows USB passthrough for the QEMU provider (#16707). - The
--ulimitoption now supports setting -1 to indicate the maximum limit allowed for the current process (#19319). - The
podman play kubecommand now supports theBUILDAH_ISOLATIONenvironment variable to change build isolation when the--buildoption is set (#20024). - The
podman volume createcommand now supports--opt o=size=XYZon tmpfs file systems (#20449). - The
podman infocommand for remote calls now reports client information even if the remote connection is unreachable - Added a new field,
privileged, to containers.conf, which sets the defaults for the--privilegedflag when creating, running or exec'ing into a container. - The
podman kube playcommand now supports setting DefaultMode for volumes (#19313). - The
--optoption to thepodman network createcommand now accepts a new driver specific option,vrf, which assigns a VRF to the bridge interface. - A new option
--rdt-class=COShas been added to thepodman createandpodman runcommands that enables assigning a container to a Class Of Service (COS). The COS has to be pre-configured based on a pseudo-filesystem created by the resctrl kernel driver that enables interacting with the Intel RDT CAT feature. - The
podman kube playcommand now supports a new option,--publish-all, which exposes all containerPorts on the host. - The --filter option now supports
label!=, which filters for containers without the specified label.
Changes
- Podman now defaults to sqlite as its database backend. For backwards compatibility, if a boltdb database already exists on the system, Podman will continue using it.
- RHEL Subscriptions from the host now flow through to quay.io/podman/* images.
- The
--helpoption to thepodman pushcommand now shows the compression algorithm used. - The remote Podman client’s
commitcommand now shows progress messages (#19947). - The
podman kube playcommand now sets the pod hostname to the node/machine name when hostNetwork=true in k8s yaml (#19321). - The
--tty,-toption to thepodman execcommand now defines the TERM environment variable even if the container is not running with a terminal (#20334). - Podman now also uses the
helper_binaries_diroption in containers.conf to lookup the init binary (catatonit). - Podman healthcheck events are now logged as notices.
- Podman machines no longer automatically update, preventing accidental service interruptions (#20122).
- The amount of CPUs a podman machine uses now defaults to available cores/2 (#17066).
- Podman machine now prohibits using provider names as machine names.
applehv,qemu,wsl, andhypervare no longer valid Podman machine names
Quadlet
- Quadlet now supports the
UIDMap,GIDMap,SubUIDMap, andSubGIDMapoptions in .container files. - Fixed a bug where symlinks were not resolved in search paths (#20504).
- Quadlet now supports the
ReadOnlyTmpfsoption. - The VolatileTmpfs option is now deprecated.
- Quadlet now supports systemd specifiers in User and Group keys.
- Quadlet now supports
ImageNamefor .image files. - Quadlet now supports a new option,
--force, to the stop command. - Quadlet now supports the
oneshotservice type for .kube files, which allows yaml files without containers. - Quadlet now supports podman level arguments (#20246).
- Fixed a bug where Quadlet would crash when specifying non key-value options (#20104).
- Quadlet now removes anonymous volumes when removing a container (#20070).
- Quadlet now supports a new unit type,
.image.
Bugfixes
- Fixed a bug where mounted volumes on Podman machines on MacOS would have a max open files limit (#16106).
- Fixed a bug where setting both the
--utsand--networkoptions tohostdid not fill /etc/hostname with the host's name (#20448). - Fixed a bug where the remote Podman client’s
buildcommand would incorrectly parse https paths (#20475). - Fixed a bug where running Docker Compose against a WSL podman machine would fail (#20373).
- Fixed a race condition where parallel tagging and untagging of images would fail (#17515).
- Fixed a bug where the
podman execcommand would leak sessions when the specified command does not existFixed a bug where thepodman execcommand would leak sessions when the specified command does not exist (#20392). - Fixed a bug where the
podman historycommand did not display the size of certain layers (#20375). - Fixed a bug where a container with a custom user namespace and
--restart always/on-failurewould not correctly cleanup the netnsm on restart, resulting in leaked ips and network namespaces (#18615). - Fixed a bug where remote calls to the
podman topcommand would incorrectly parse options (#19176). - Fixed a bug where the
--read-only-tmpfsoption to thepodman runcommand was incorrectly handled when the--read-onlyoption was set (#20225). - Fixed a bug where creating containers in parallel may cause a deadlock if both containers attempt to use the same named volume (#20313).
- Fixed a bug where a container restarted by the Podman service would occasionally not mount its storage (#17042).
- Fixed a bug where the
--filteroption to thepodman imagescommand would not correctly filter ids, digests, or intermediates (#19966). - Fixed a bug where setting the
--replaceoption to thepodman runcommand would print both the old and new container ID. Now, only the new container ID is printed. - Fixed a bug where the
podman machine lscommand would show Creation time as LastUp time for machines that have never been booted. Now, new machines showNever, with the json value being ZeroTime. - Fixed a bug in the
podman buildcommand where the default pull policy was not set tomissing(#20125). - Fixed a bug where setting the static or volume directory in
containers.confwould lead to cleanup errors (#19938). - Fixed a bug where the
podman kube playcommand exposed all containerPorts on the host (#17028). - Fixed a bug where the
podman farm updatecommand did not verify farm and connection existence before updating (#20080). - Fixed a bug where remote Podman calls would not honor the
--connectionoption while theCONTAINER_HOSTenvironment variable was set. The active destination is not resolved with the correct priority, that is, CLI flags, env vars, ActiveService from containers.conf, RemoteURI (#15588). - Fixed a bug where the
--env-hostoption was not honoring the default from containers.conf
API
- Fixed a bug in the Compat Image Prune endpoint where the dangling filter was set twice (#20469).
- Fixed a bug in the Compat API where attempting to connect a container to a network while the connection already exists returned a 200 status code. It now correctly returns a 500 error code.
- Fixed a bug in the Compat API where some responses would not have compatible error details if progress data had not been sent yet (#20013).
- The Libpod Pull endpoint now supports a new option, compatMode which causes the streamed JSON payload to be identical to the Compat endpoint.
- Fixed a bug in the Libpod Container Create endpoint where it would return an incorrect status code if the image was not found. The endpoint now correctly returns 404.
- The Compat Network List endpoint should see a significant performance improvement (#20035).
Misc
- Updated Buildah to v1.33.1
- Update...
v4.7.2
Security
- Fixed GHSA-jq35-85cj-fj4p.
Bugfixes
- WSL: Fixed
podman composecommand. - Fixed a bug in
podman composeto try all configured providers before throwing an error (#20502).
v4.7.1
Bugfixes
- Fixed a bug involving non-English locales of Windows where machine installs using user-mode networking were rejected due to erroneous version detection (#20209).
- Fixed a regression in --env-file handling (#19565).
- Fixed a bug where podman inspect would fail when stat'ing a device failed.
API
- The network list compat API endpoint is now much faster (#20035).
v4.7.0
Security
- Now the io.containers.capabilities LABEL in an image can be an empty string.
Features
- New command set:
podman farm [create,list,remove,update]has been created to "farm" out builds to machines running Podman for different architectures. - New command:
podman composeas a thin wrapper around an external compose provider such as docker-compose or podman-compose. - FreeBSD:
podman run --deviceis now supported. - Linux: Add a new
--moduleflag for Podman. - Podmansh: Timeout is now configurable using the
podmansh_timeoutoption in containers.conf. - SELinux: Add support for confined users to create containers but restrict them from creating privileged containers.
- WSL: Registers shared socket bindings on Windows, to allow other WSL distributions easy remote access (#15190).
- WSL: Enabling user-mode-networking on older WSL2 generations will now detect an error with upgrade guidance.
- The
podman buildcommand now supports two new options:--layer-labeland--cw. - The
podman kube generatecommand now supports generation of k8s DaemonSet kind (#18899). - The
podman kube generateandpodman kube playcommands now support the k8sTerminationGracePeriodSecondsfield (RH BZ#2218061). - The
podman kube generateandpodman kube playcommands now supportsecurityContext.procMount: Unmasked(#19881). - The
podman generate kubecommand now supports a--podman-onlyflag to allow podman-only reserved annotations to be used in the generated YAML file. These annotations cannot be used by Kubernetes. - The
podman kube generatenow supports a--no-truncflag that supports YAML files with annotations longer than 63 characters. Warning: if an annotation is longer than 63 chars, then the generated yaml file is not Kubernetes compatible. - An infra name annotation
io.podman.annotations.infra.nameis added in the generated yaml when thepod createcommand has--infra-nameset. This annotation can also be used withkube playwhen wanting to customize the infra container name (#18312). - The syntax of
--uidmapand--gidmaphas been extended to lookup the parent user namespace and to extend default mappings (#18333). - The
podman kubecommands now support theListkind (#19052). - The
podman kube playcommand now supports environment variables in kube.yaml (#15983). - The
podman pushandpodman manifest pushcommands now support the--force-compressionoptionto prevent reusing other blobs (#18860). - The
podman manifest pushcommand now supports--add-compressionto push with compressed variants. - The
podman manifest pushcommand now honors theadd_compressionfield from containers.conf if--add-compressionis not set. - The
podman runandpodman create --mountcommands now support theramfstype (#19659). - When running under systemd (e.g., via Quadlet), Podman will extend the start timeout in 30 second steps up to a maximum of 5 minutes when pulling an image.
- The
--add-hostoption now accepts the special stringhost-gatewayinstead of an IP Address, which will be mapped to the host IP address. - The
podman generate systemdcommand is deprecated. Use Quadlet for running containers and pods under systemd. - The
podman secret rmcommand now supports an--ignoreoption. - The
--env-fileoption now supports multiline variables (#18724). - The
--read-only-tmpfsflag now affects /dev and /dev/shm as well as /run, /tmp, /var/tmp (#12937). - The Podman
--mountoption now supports bind mounts passed as globs. - The
--mountoption can now be specified in containers.conf using themountsfield. - The
podman statsnow has an--alloption to get all containers stats (#19252). - There is now a new
--sdnotify=healthypolicy where Podman sends the READY message once the container turns healthy (#6160). - Temporary files created when dealing with images in
/var/tmpwill automatically be cleaned up on reboot. - There is now a new filter option
sinceforpodman volume lsandpodman volume prune(#19228). - The
podman inspectcommand now has tab-completion support (#18672). - The
podman kube playcommand now has support for the use of reserved annotations in the generated YAML. - The progress bar is now displayed when decompressing a Podman machine image (#19240).
- The
podman secret inspectcommand supports a new option--showsecretwhich will output the actual secret. - The
podman secret createnow supports a--replaceoption, which allows you to modify secrets without replacing containers. - The
podman logincommand can now read the secret for a registry from its secret database created withpodman secret create(#18667). - The remote Podman client’s
podman play kubecommand now works with the--usernsoption (#17392).
Changes
- The
/tmpand/var/tmpinside of apodman kube playwill no longer benoexec. - The limit of inotify instances has been bumped from 128 to 524288 for podman machine (#19848).
- The
podman kube playhas been improved to only pull a newer image for the "latest" tag (#19801). - Pulling from an
ocitransport will use the optional name for naming the image. - The
podman infocommand will always display the existence of the Podman socket. - The echo server example in socket_activation.md has been rewritten to use quadlet instead of
podman generate systemd. - Kubernetes support table documentation correctly show volumes support.
- The
podman auto-updatemanpage and documentation has been updated and now includes references to Quadlet.
Quadlet
- Quadlet now supports setting Ulimit values.
- Quadlet now supports setting the PidsLimit option in a container.
- Quadlet unit files allow DNS field in Network group and DNS, DNSSearch, and DNSOption field in Container group (#19884).
- Quadlet now supports ShmSize option in unit files.
- Quadlet now recursively calls in user directories for unit files.
- Quadlet now allows the user to set the service working directory relative to the YAML or Unit files (17177).
- Quadlet now allows setting user-defined names for
VolumeandNetworkunits via theVolumeNameandNetworkNamedirectives, respectively. - Kube quadlets can now support autoupdate.
Bugfixes
- Fixed an issue where containers were being restarted after a
podman kill. - Fixed a bug where events could report incorrect healthcheck results (#19237).
- Fixed a bug where running a container in a pod didn't fail if volumes or mounts were specified in the containers.conf file.
- Fixed a bug where pod cgroup limits were not being honored after a reboot (#19175).
- Fixed a bug where
podman rm -afcould fail to remove containers under some circumstances (#18874). - Fixed a bug in rootless to clamp oom_score_adj to current value if it is too low (#19829).
- Fixed a bug where
--hostuserwas being parsed in base 8 instead of base 10 (#19800). - Fixed a bug where
kube downwould error when an object did not exist (#19711). - Fixed a bug where containers created via DOCKER API without specifying StopTimeout had StopTimeout defaulting to 0 seconds (#19139).
- Fixed a bug in
podman execto set umask to match the container it's execing into (#19713). - Fixed a bug where
podman kube playfailed to set a container's Umask to the default0022. - Fixed a bug to automatically reassign Podman's machine ssh port on Windows when it conflicts with in-use system ports (#19554).
- Fixed a bug where locales weren't passed to conmon correctly, resulting in a crash if some characters were specified over CLI (containers/common/#272).
- Fixed a bug where
podman topwould sometimes not print the full output (#19504). - Fixed a bug were
podman logs --tailcould return incorrect lines when the k8s-file logger is used (#19545). - Fixed a bug where
podman stopdid not ignore cidfile not existing when user specified --ignore flag (#19546). - Fixed a bug where a container with an image volume and an inheri...
v4.7.0-rc1
v4.7.0-rc1
This tag was signed with the committer’s verified signature.
lsm5
Lokesh Mandvekar
Security
- Now the io.containers.capabilities LABEL in an image can be an empty string.
Features
- New command set:
podman farm [create,list,remove,update]has been created to "farm" out builds to machines running Podman for different architectures. - New command:
podman composeas a thin wrapper around an external compose provider such as docker-compose or podman-compose. - FreeBSD:
podman run --deviceis now supported. - Linux: Add a new
--moduleflag for Podman. - Podmansh: Timeout is now configurable using the
podmansh_timeoutoption in containers.conf. - SELinux: Add support for confined users to create containers but restrict them from creating privileged containers.
- WSL: Registers shared socket bindings on Windows, to allow other WSL distributions easy remote access (#15190).
- WSL: Enabling user-mode-networking on older WSL2 generations will now detect an error with upgrade guidance.
- The
podman buildcommand now supports two new options:--layer-labeland--cw. - The
podman kube generatecommand now supports generation of k8s DaemonSet kind (#18899). - The
podman kube generateandpodman kube playcommands now support the k8sTerminationGracePeriodSecondsfield (RH BZ#2218061). - The
podman kube generateandpodman kube playcommands now supportsecurityContext.procMount: Unmasked(#19881). - The
podman generate kubecommand now supports a--podman-onlyflag to allow podman-only reserved annotations to be used in the generated YAML file. These annotations cannot be used by Kubernetes. - The
podman kube generatenow supports a--no-truncflag that supports YAML files with annotations longer than 63 characters. Warning: if an annotation is longer than 63 chars, then the generated yaml file is not Kubernetes compatible. - An infra name annotation
io.podman.annotations.infra.nameis added in the generated yaml when thepod createcommand has--infra-nameset. This annotation can also be used withkube playwhen wanting to customize the infra container name (#18312). - The syntax of
--uidmapand--gidmaphas been extended to lookup the parent user namespace and to extend default mappings (#18333). - The
podman kubecommands now support theListkind (#19052). - The
podman kube playcommand now supports environment variables in kube.yaml (#15983). - The
podman pushandpodman manifest pushcommands now support the--force-compressionoptionto prevent reusing other blobs (#18860). - The
podman manifest pushcommand now supports--add-compressionto push with compressed variants. - The
podman manifest pushcommand now honors theadd_compressionfield from containers.conf if--add-compressionis not set. - The
podman runandpodman create --mountcommands now support theramfstype (#19659). - When running under systemd (e.g., via Quadlet), Podman will extend the start timeout in 30 second steps up to a maximum of 5 minutes when pulling an image.
- The
--add-hostoption now accepts the special stringhost-gatewayinstead of an IP Address, which will be mapped to the host IP address. - The
podman generate systemdcommand is deprecated. Use Quadlet for running containers and pods under systemd. - The
podman secret rmcommand now supports an--ignoreoption. - The
--env-fileoption now supports multiline variables (#18724). - The
--read-only-tmpfsflag now affects /dev and /dev/shm as well as /run, /tmp, /var/tmp (#12937). - The Podman
--mountoption now supports bind mounts passed as globs. - The
--mountoption can now be specified in containers.conf using themountsfield. - The
podman statsnow has an--alloption to get all containers stats (#19252). - There is now a new
--sdnotify=healthypolicy where Podman sends the READY message once the container turns healthy (#6160). - Temporary files created when dealing with images in
/var/tmpwill automatically be cleaned up on reboot. - There is now a new filter option
sinceforpodman volume lsandpodman volume prune(#19228). - The
podman inspectcommand now has tab-completion support (#18672). - The
podman kube playcommand now has support for the use of reserved annotations in the generated YAML. - The progress bar is now displayed when decompressing a Podman machine image (#19240).
- The
podman secret inspectcommand supports a new option--showsecretwhich will output the actual secret. - The
podman secret createnow supports a--replaceoption, which allows you to modify secrets without replacing containers. - The
podman logincommand can now read the secret for a registry from its secret database created withpodman secret create(#18667). - The remote Podman client’s
podman play kubecommand now works with the--usernsoption (#17392).
Changes
- The
/tmpand/var/tmpinside of apodman kube playwill no longer benoexec. - The limit of inotify instances has been bumped from 128 to 524288 for podman machine (#19848).
- The
podman kube playhas been improved to only pull a newer image for the "latest" tag (#19801). - Pulling from an
ocitransport will use the optional name for naming the image. - The
podman infocommand will always display the existence of the Podman socket. - The echo server example in socket_activation.md has been rewritten to use quadlet instead of
podman generate systemd. - Kubernetes support table documentation correctly show volumes support.
- The
podman auto-updatemanpage and documentation has been updated and now includes references to Quadlet.
Quadlet
- Quadlet now supports setting Ulimit values.
- Quadlet now supports setting the PidsLimit option in a container.
- Quadlet unit files allow DNS field in Network group and DNS, DNSSearch, and DNSOption field in Container group (#19884).
- Quadlet now supports ShmSize option in unit files.
- Quadlet now recursively calls in user directories for unit files.
- Quadlet now allows the user to set the service working directory relative to the YAML or Unit files (17177).
- Quadlet now allows setting user-defined names for
VolumeandNetworkunits via theVolumeNameandNetworkNamedirectives, respectively. - Kube quadlets can now support autoupdate.
Bugfixes
- Fixed an issue where containers were being restarted after a
podman kill. - Fixed a bug where events could report incorrect healthcheck results (#19237.
- Fixed a bug where running a container in a pod didn't fail if volumes or mounts were specified in the containers.conf file.
- Fixed a bug where pod cgroup limits were not being honored after a reboot (#19175).
- Fixed a bug where
podman rm -afcould fail to remove containers under some circumstances (#18874). - Fixed a bug in rootless to clamp oom_score_adj to current value if it is too low (#19829).
- Fixed a bug where
--hostuserwas being parsed in base 8 instead of base 10 (#19800). - Fixed a bug where
kube downwould error when an object did not exist (#19711). - Fixed a bug where containers created via DOCKER API without specifying StopTimeout had StopTimeout defaulting to 0 seconds (#19139).
- Fixed a bug in
podman execto set umask to match the container it's execing into (#19713). - Fixed a bug where
podman kube playfailed to set a container's Umask to the default0022. - Fixed a bug to automatically reassign Podman's machine ssh port on Windows when it conflicts with in-use system ports (#19554).
- Fixed a bug where locales weren't passed to conmon correctly, resulting in a crash if some characters were specified over CLI (containers/common/#272).
- Fixed a bug where
podman topwould sometimes not print the full output (#19504). - Fixed a bug were
podman logs --tailcould return incorrect lines when the k8s-file logger is used (#19545). - Fixed a bug where
podman stopdid not ignore cidfile not existing when user specified --ignore flag (#19546). - Fixed a bug where a container with an image volume and an inherit...
v4.6.2
v4.6.2
This tag was signed with the committer’s verified signature.
The key has expired.
ashley-cui
Ashley Cui
5db42e8
This commit was signed with the committer’s verified signature.
The key has expired.
ashley-cui
Ashley Cui
Changes
- Fixed a performance issue when calculating diff sizes in overlay. The
podman system dfcommand should see a significant performance improvement (#19467).
Bugfixes
- Fixed a bug where containers in a pod would use the pod restart policy over the set container restart policy (#19671).
API
- Fixed a bug in the Compat Build endpoint where the pull query parameter did not parse 0/1 as a boolean (#17778).
Misc
- Updated the containers/storage library to v1.48.1