Podman是一個(gè)無需守護(hù)進(jìn)程、支持無根運(yùn)行且與Docker命令兼容的容器管理工具，適合追求安全與簡(jiǎn)潔的Linux用戶。 1. 安裝簡(jiǎn)單，主流發(fā)行版可通過包管理器直接安裝；2. 常用命令如podman run、ps、pull、build等與Docker一致，無需學(xué)習(xí)成本；3. 支持rootless容器，提升安全性並避免權(quán)限問題；4. 可創(chuàng)建Pod以共享網(wǎng)絡(luò)和存儲(chǔ)，模擬Kubernetes環(huán)境；5. 能生成Systemd服務(wù)文件，實(shí)現(xiàn)容器開機(jī)自啟。綜上，Podman是輕量、安全且高效的Docker替代方案，特別適用於本地開發(fā)和CI/CD場(chǎng)景，值得在日常工作中採(cǎi)用。

Linux containers have become a go-to solution for lightweight, portable application deployment — and while Docker is well-known, Podman is emerging as a powerful, daemonless alternative that fits seamlessly into modern workflows. If you're looking to get started with containers on Linux without the overhead of a daemon or tight coupling to Docker, Podman is a solid choice.

Here's a practical guide to help you start using Podman for everyday container tasks.

What Is Podman and Why Use It?

Podman (short for Pod Manager ) is a container management tool developed by Red Hat that provides a Docker-compatible CLI experience — but without requiring a background daemon. Unlike Docker, which runs a central dockerd process, Podman runs containers directly as your user, improving security and simplifying system integration.

Key advantages:

• No daemon needed : Reduces attack surface and avoids permission issues.
• Rootless containers : Run containers as a regular user, enhancing security.
• Drop-in Docker replacement : Most docker commands work with podman (eg, podman run , podman build ).
• Pod support : Like Kubernetes, you can group containers into pods for better orchestration.

If you're on a modern Linux distro (Fedora, RHEL, Ubuntu 20.04 , etc.), Podman is likely already available or easily installable.

 # On Fedora/RHEL
sudo dnf install podman

# On Ubuntu/Debian
sudo apt install podman

Basic Podman Commands (Docker Users Will Feel at Home)

Podman mimics Docker's CLI, so if you've used Docker before, you'll recognize most commands.

1. Run a Container

 podman run hello-world

This downloads and runs the hello-world image. No sudo needed — it just works.

2. List Running Containers

 podman ps

Like Docker, this shows active containers. Add -a to include stopped ones.

3. Pull an Image

 podman pull ubuntu:22.04

Fetches the image from a registry (defaults to Docker Hub).

4. Start an Interactive Session

 podman run -it ubuntu:22.04 /bin/bash

Launches an Ubuntu container with an interactive shell.

5. Run in Detached Mode

 podman run -d -p 8080:80 nginx

Starts Nginx in the background and maps port 8080 on the host.

You can verify it's running:

 podman ps

Managing Images and Containers

Podman gives you full control over your container lifecycle.

List and Remove Images

 podman images
podman rmi <image-id>

Stop and Remove Containers

 podman stop <container-id>
podman rm <container-id>

You can chain commands:

 podman rm $(podman ps -aq) # Remove all stopped containers

Save and Share Containers

Want to export a container as an image?

 podman commit <container-id> my-custom-app
podman save my-custom-app | gzip > my-app.tar.gz

Later, load it on another machine:

 gunzip -c my-app.tar.gz | podman load

Build Container Images with Podman

Podman supports building images from Dockerfiles using podman build .

Example:

 # Dockerfile
FROM alpine
RUN apk add --no-cache curl
CMD ["curl", "https://httpbin.org/json"]

Build it:

 podman build -t my-curl-app .

Run it:

 podman run my-curl-app

? Tip: Use --format docker if you want Docker-compatible image formatting:

 podman build --format docker -t myapp .

Rootless Containers and Security

One of Podman's biggest strengths is rootless operation . By default, containers run under your user account, not as root.

This means:

• No need to add users to a docker group.
• Better isolation and reduced privilege escalation risks.
• Works well in restricted environments (eg, shared servers, CI pipelines).

Under the hood, Podman uses user namespaces and slirp4netns for networking when running rootless. For most use cases, this "just works" — but if you hit a network issue, check that slirp4netns is installed.

Working with Pods (Like Mini Kubernetes)

Podman supports pods , which let you group containers that share the same network and storage — just like in Kubernetes.

Create a pod:

 podman pod create --name myweb -p 8080:80

Run a container inside it:

 podman run -d --pod myweb nginx

Add another container (eg, a logging sidecar):

 podman run -d --pod myweb alpine watch 'date >> /shared/log.txt'

Now both containers share the same network namespace — they can talk via localhost .

Clean up:

 podman pod rm myweb -f

This is great for testing multi-container apps locally without Docker Compose or Kubernetes.

Integrating with Systemd (Bonus: Auto-start Containers)

Podman can generate systemd unit files to manage containers as services.

Example: Auto-start an Nginx container at boot.

1. Run the container:

    podman run -d --name nginx-server -p 80:80 nginx

2. Generate a systemd service:

    podman generate systemd --name nginx-server --files --new

   This creates a .service file in /tmp or current directory.

3. Move it to systemd:

    mv container-nginx-server.service ~/.config/systemd/user/

4. Enable and start:

    systemctl --user enable container-nginx-server.service
   systemctl --user start container-nginx-server.service

   Now your container starts automatically when you log in (or boot, with lingering enabled).

   ---

   Bottom Line

   Podman is a mature, secure, and practical tool for managing containers on Linux. Whether you're a developer, sysadmin, or DevOps engineer, it's worth trying — especially if you value simplicity, security, and compatibility.

   You can use it as a direct Docker replacement with no learning curve, benefit from rootless containers , and even simulate Kubernetes-style pods for local development.

   Give it a spin next time you reach for Docker. You might not look back.

   基本上就這些— no magic, just better defaults.

   以上是Podman對(duì)Linux容器的實(shí)用介紹的詳細(xì)內(nèi)容。更多資訊請(qǐng)關(guān)注PHP中文網(wǎng)其他相關(guān)文章！