Podman runs containers without a root daemon. It's Docker-compatible — same commands, same images, same Compose files. But it's rootless by default, and each container runs in its own process tree.
Podman vs Docker
| Feature | Docker | Podman |
|---|---|---|
| Daemon | Required (dockerd) | No daemon |
| Rootless | Optional | Default |
| Compose | docker compose | podman compose |
| Pods | No | Yes (K8s-style) |
| Systemd | Workarounds | Native |
| Socket | /var/run/docker.sock | Per-user |
Quick Start
```bash
# Install
brew install podman        # macOS
sudo apt install podman    # Ubuntu/Debian

# Initialize machine (macOS/Windows)
podman machine init
podman machine start

# Use exactly like Docker
podman run -d -p 8080:80 nginx
podman ps
podman logs <container-id>
```
Docker Alias (Drop-In Replacement)
```bash
alias docker=podman

# Now all your Docker commands work with Podman
docker build -t myapp .
docker run -p 3000:3000 myapp
```
Pods (Kubernetes-Style Grouping)
```bash
# Create a pod
podman pod create --name myapp -p 8080:80

# Add containers to the pod (they share network)
podman run -d --pod myapp nginx
podman run -d --pod myapp redis

# Generate Kubernetes YAML from running pod
podman generate kube myapp > myapp.yaml
```
This is huge: you can prototype locally with pods, then run `podman generate kube` to get real K8s manifests.
Podman Compose
```bash
pip install podman-compose
podman-compose up -d
```
Works with existing docker-compose.yml files — same syntax, no changes needed.
Systemd Integration
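```bash
# Generate a systemd unit from a running container (written to the current directory)
podman generate systemd --name mycontainer --files
# Install it as a user unit and reload systemd
mkdir -p ~/.config/systemd/user && mv container-mycontainer.service ~/.config/systemd/user/
systemctl --user daemon-reload
# Enable auto-start; lingering lets user units start at boot without a login
systemctl --user enable container-mycontainer.service
loginctl enable-linger "$USER"
```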
No need for Docker's restart policies — use the OS service manager directly.
Rootless = More Secure
When you run Podman as a regular user (no sudo), every container runs under your user account. No root daemon means:
- No privilege escalation via a root-owned daemon socket
- User namespaces isolate container processes
- Container breakout = your user permissions, not root
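To make the user-namespace point concrete, here is an added example (not from the original post) that resolves a container UID to the host UID it really is by reading a `uid_map`. The function names `host_uid` and `maps_to_host_root` and both sample maps are constructed for illustration; the sample assumes host UID 1000 with a subordinate range of 65536 IDs starting at 100000.

```bash
#!/usr/bin/env bash
# Constructed sample: /proc/<pid>/uid_map of a rootless container started by
# host UID 1000 whose /etc/subuid range is 65536 IDs starting at 100000.
# Columns: first UID inside the namespace, first UID on the host, range length.
SAMPLE_UID_MAP='         0       1000          1
         1     100000      65536'

# Constructed contrast: the identity map a root-run container without user
# namespaces sees, where container root is host root.
ROOTFUL_UID_MAP='0 0 4294967295'

# host_uid CONTAINER_UID [MAP_TEXT]
# Prints the host UID that CONTAINER_UID resolves to, or "unmapped" (status 1)
# when no range in the map covers it.
host_uid() {
  local want map inside outside count
  want=$1
  map=${2:-$SAMPLE_UID_MAP}
  while read -r inside outside count; do
    [ -n "$count" ] || continue            # skip blank or short lines
    if [ "$want" -ge "$inside" ] && [ "$want" -lt $((inside + count)) ]; then
      echo $((outside + want - inside))
      return 0
    fi
  done <<EOF
$map
EOF
  echo unmapped
  return 1
}

# maps_to_host_root CONTAINER_UID [MAP_TEXT]
# Succeeds only when the container UID is UID 0 on the host.
maps_to_host_root() {
  [ "$(host_uid "$1" "${2:-$SAMPLE_UID_MAP}")" = "0" ]
}

echo "rootless: container uid 0   -> host uid $(host_uid 0)"
echo "rootless: container uid 101 -> host uid $(host_uid 101)"
echo "rootful:  container uid 0   -> host uid $(host_uid 0 "$ROOTFUL_UID_MAP")"

# Against a live container (not run here):
#   pid=$(podman inspect --format '{{.State.Pid}}' <container>)
#   host_uid 0 "$(cat "/proc/$pid/uid_map")"
```

With the rootless map, root inside the container is just UID 1000 on the host, and every other container UID lands in the unprivileged subordinate range.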
The Bottom Line
If you're on Linux and want containers without the Docker daemon overhead, Podman is the answer. The Docker compatibility means zero migration effort, and rootless-by-default is a security win.