When talking about the future of technology, many seasoned techs know that virtualization and containerization are very much on that path. They allow for greater application and service security, and they’re easily managed through other services that allow for snapshotting, templates, and greater customization than you get with the one-server-per-application model. However, it’s not always completely clear how you should get started with virtualization and containerization. We’ve covered virtualization on Linux, Windows, and macOS many times before, but containerization tends to be a bit of a different beast. In this article, we’re providing a beginner’s guide to Podman on Linux, a great tool for containerization.
What Are Containers?
Containers are essentially little virtual machines – but just for applications. They use a lot of the same concepts and carry much of the same security and ease-of-use features, but they’re much smaller and allow for easy imaging and distribution of an application. This is a lot of what Flatpaks and Snaps are based on. You can start to see the parallels: one container runtime, many applications, each running in its own isolated environment.
What Is Podman?
One difference from Docker is that Podman is daemonless, whereas Docker relies on a daemon. This means Podman containers can run without root-level permissions, allowing for more security and flexibility. A container running at the user level means users can only see their own containers and nobody else’s. Podman is also lighter on system resources due to the simpler architecture, which makes for a more enjoyable experience.
The daemonless architecture leads to something called rootless containers. It’s a concept that builds on the previous difference but focuses on security. If an attacker compromises your container and manages to escape for whatever reason, they only have basic user permissions rather than root permissions. This requires some additional setup to get going, and there are some shortcomings at the moment, but it’s something that’s worth a look.
For most distros, Podman is in the main repositories, making it a simple installation command:
The command syntax to start a Podman container can be a little confusing, but once you start to get the hang of it, you’ll start to recognize the patterns. There’s a sample container from the project that you can run by entering this command into the terminal:
That will pull the image from the registry that’s listed, and once it’s done, you’ll get a long ID string. You’ll see that ID again later when you check on running containers.
To check running Podman containers, enter the following command:
You’ll see the container that you started earlier. This confirms that it’s running. However, if you want to specifically look at the webpage that Apache is running, you’ll run the following command:
Replace 0.0.0.0 with whatever IP address is shown when you ran the podman ps command. You should get a wall of raw HTML, but if you look right at the top, you’ll notice the HTML title tag and will know it’s working.
Something that’s nice about Podman is how it handles images. You can search for other images, like the httpd image, or for other programs that you’re interested in running.
I searched for vncserver, and this is what I got. You can see that there are many options, and it’ll just come down to your personal preference.
To grab one of those images, run the podman pull command.
It’s recommended that you pull using the full URL of the container registry so that you get exactly the image you intend. As an example, the command I’m running is:
rather than just running podman pull vncserver, because there may be images I don’t want that’ll be chosen instead of the one that I do want.
You can also check on your images with this command:
And stop containers with this command:
The -l flag means it’ll stop the most recently run container, but you can also use the -a flag to stop all containers.
You may have noticed that Podman can also look at docker.io for container images. That’s because the Podman commands and the Docker commands are essentially the same – so much so that it’s sometimes recommended to alias the docker command to podman like this:
This means any time you enter docker, your machine will run the podman command anyway.
To set your system up for rootless containers, there’s quite some setup to go through, but there’s great documentation on their GitHub page.
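Once that setup is done, it’s worth confirming that containers really are rootless and seeing what the “root” user inside a container actually is on the host, since that is the whole security argument made earlier. The following POSIX shell script is an added example and is not part of the original article or the Podman project. The podman info and podman unshare commands are real Podman commands; the map_to_host helper and the sample uid_map are my own. The sample assumes a user with UID 1000 and a subordinate range of 100000-165535, which is a typical /etc/subuid allocation but not necessarily yours.

```shell
#!/bin/sh
# Added example: check that Podman is running rootless and resolve a UID seen
# inside a container to the host UID it really is.

# map_to_host CONTAINER_UID UID_MAP_TEXT
# UID_MAP_TEXT is the content of /proc/<pid>/uid_map, one range per line:
#   <start inside the namespace> <start on the host> <count>
# Prints the host UID that CONTAINER_UID maps to, or "unmapped" if no
# range covers it (such UIDs cannot exist inside the container at all).
map_to_host() {
    mth_cuid=$1
    mth_result=unmapped
    while read -r mth_inside mth_outside mth_count; do
        [ -z "$mth_inside" ] && continue
        if [ "$mth_cuid" -ge "$mth_inside" ] && \
           [ "$mth_cuid" -lt $((mth_inside + mth_count)) ]; then
            mth_result=$((mth_outside + mth_cuid - mth_inside))
            break
        fi
    done <<EOF
$2
EOF
    printf '%s\n' "$mth_result"
}

# Constructed sample: what a rootless user namespace typically looks like for
# host user 1000 whose /etc/subuid entry is "1000:100000:65536".
# Container UID 0 is the user's own UID; UIDs 1..65536 land in the subordinate range.
SAMPLE_UID_MAP='         0       1000          1
         1     100000      65536'

# is_rootless: asks Podman itself whether it is in rootless mode ("true"/"false").
is_rootless() {
    podman info --format '{{.Host.Security.Rootless}}' 2>/dev/null
}

# live_uid_map: the mapping Podman uses for your containers, straight from the
# user namespace it creates (podman unshare runs a command inside that namespace).
live_uid_map() {
    podman unshare cat /proc/self/uid_map 2>/dev/null
}

if command -v podman >/dev/null 2>&1; then
    echo "podman rootless mode: $(is_rootless)"
    LIVE_MAP=$(live_uid_map)
    echo "host UID behind container root (uid 0): $(map_to_host 0 "$LIVE_MAP")"
    echo "host UID behind container uid 33 (e.g. www-data): $(map_to_host 33 "$LIVE_MAP")"
else
    echo "podman not installed; using the constructed sample uid_map"
    echo "host UID behind container root (uid 0): $(map_to_host 0 "$SAMPLE_UID_MAP")"
    echo "host UID behind container uid 33: $(map_to_host 33 "$SAMPLE_UID_MAP")"
    echo "container uid 70000: $(map_to_host 70000 "$SAMPLE_UID_MAP")"
fi
```

Read the output against the earlier claim: with the sample mapping, a process that believes it is root inside the container is UID 1000 on the host, and an Apache worker running as UID 33 inside the container is UID 100032 on the host, an account that owns nothing outside the container’s own storage. If podman info reports false, Podman is running through root and none of this protection applies.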
I hope you enjoyed this primer on Podman, a great little tool that will allow you to run daemonless, rootless containers to keep your system lean, tidy, and secure. If you did, make sure to check out some of our other container content, like our guides on running Ubuntu in a container in ChromeOS, copying Docker containers to another host, and limiting Docker Container resources.