Podman: Rootless Docker Alternative for Running Containers

TL;DR — Quick Summary

Podman runs OCI containers without a daemon and without root. Drop-in Docker replacement with pods, rootless mode, and Kubernetes YAML generation.

Podman is Docker without the baggage. No daemon running as root, no socket to secure, no privilege escalation risks. Same commands, same Dockerfiles, same images — but each container runs as your regular user.

Installation

# Fedora/RHEL
sudo dnf install podman

# Ubuntu/Debian
sudo apt install podman

# Arch Linux
sudo pacman -S podman

# macOS (uses a VM)
brew install podman
podman machine init
podman machine start

Basic Usage (Same as Docker)

# Run a container
podman run -it ubuntu bash
podman run -d -p 8080:80 nginx

# Build from Dockerfile
podman build -t myapp .

# List containers/images
podman ps -a
podman images

# Push to registry
podman push myapp docker.io/user/myapp

# Docker compatibility alias
alias docker=podman

Pods (Container Groups)

# Create a pod with port mapping
podman pod create --name webapp -p 8080:80

# Add containers to the pod
podman run -d --pod webapp --name frontend nginx
podman run -d --pod webapp --name backend node:20

# Containers share localhost
# frontend can reach backend at localhost:3000

# List pods
podman pod ls

# Stop/remove a pod (and all its containers)
podman pod stop webapp
podman pod rm webapp

Kubernetes Integration

# Generate Kubernetes YAML from running pod
podman generate kube webapp > deployment.yaml

# Play Kubernetes YAML locally
podman play kube deployment.yaml

# Stop resources from YAML
podman play kube --down deployment.yaml

Rootless Security

# Check if running rootless
podman info --format '{{.Host.Security.Rootless}}'
# Output: true

# No daemon socket to protect
# No root process running
# Each container is a child process of your user

Comparison

Feature	Podman	Docker	containerd
Daemon	No	Yes	Yes
Rootless	Default	Opt-in	Opt-in
CLI	docker-compat	docker	ctr/nerdctl
Pods	Yes	No	No
K8s YAML gen	Yes	No	No
Compose	podman-compose	docker compose	nerdctl
Systemd	Generate units	No	No
OCI compliant	Yes	Yes	Yes

Summary

Podman is a daemonless, rootless Docker alternative — alias docker=podman
Same CLI, Dockerfiles, and OCI images as Docker
Pods group containers sharing a network namespace (like Kubernetes)
Generate Kubernetes YAML from running containers
No root daemon or socket — better security by default

Frequently Asked Questions

What is Podman?

Podman is a daemonless container engine for OCI containers. It's a drop-in replacement for Docker that runs containers without a central daemon process and supports rootless mode — containers run as your regular user, not as root.

How is Podman different from Docker?

Podman has no daemon (each container is a child process), runs rootless by default (no root needed), supports pods (groups of containers), generates Kubernetes YAML, and uses the same CLI syntax as Docker. Just alias docker=podman.

Can I use Docker commands with Podman?

Yes, Podman is CLI-compatible with Docker. Most docker commands work identically: podman build, podman run, podman push. You can alias docker=podman and existing scripts work unchanged.

What are pods in Podman?

Pods group related containers that share a network namespace (like Kubernetes pods). Containers in a pod communicate via localhost and are managed as a unit.

Installation

Basic Usage (Same as Docker)

Pods (Container Groups)

Kubernetes Integration

Rootless Security

Comparison

Summary

Related Articles

Frequently Asked Questions

Related Articles

Podman: Run Rootless Containers as a Docker Alternative

Podman Compose: Rootless Container Orchestration Guide

Infisical: Open-Source Secrets Management Platform Guide