v4.4.0-RC1

This is the first release candidate of Podman v4.4.0. Full release notes are not available, but will be compiled for the next RC.

v4.3.1

Bugfixes

• Fixed a deadlock between the podman ps and podman container inspect commands

Misc

• Updated the containers/image library to v5.23.1

v4.3.0

Features

• A new command, podman generate spec, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers.
• A new command, podman update, has been added,which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted (#15067).
• A new command, podman kube down, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to podman kube play --down, but it now has its own command).
• The podman kube play command now supports Kubernetes secrets using Podman's secrets backend.
• Systemd-managed pods created by the podman kube play command now integrate with sd-notify, using the io.containers.sdnotify annotation (or io.containers.sdnotify/$name for specific containers).
• Systemd-managed pods created by podman kube play can now be auto-updated, using the io.containers.auto-update annotation (or io.containers.auto-update/$name for specific containers).
• The podman kube play command can now read YAML from URLs, e.g. podman kube play https://example.com/demo.yml (#14955).
• The podman kube play command now supports the emptyDir volume type (#13309).
• The podman kube play command now supports the HostUsers field in the pod spec.
• The podman play kube command now supports binaryData in ConfigMaps.
• The podman pod create command can now set additional resource limits for pods using the new --memory-swap, --cpuset-mems, --device-read-bps, --device-write-bps, --blkio-weight, --blkio-weight-device, and --cpu-shares options.
• The podman machine init command now supports a new option, --username, to set the username that will be used to connect to the VM as a non-root user (#15402).
• The podman volume create command's -o timeout= option can now set a timeout of 0, indicating volume plugin operations will never time out.
• Added support for a new volume driver, image, which allows volumes to be created that are backed by images.
• The podman run and podman create commands support a new option, --env-merge, allowing environment variables to be specified relative to other environment variables in the image (e.g. podman run --env-merge "PATH=$PATH:/my/app" ...) (#15288).
• The podman run and podman create commands support a new option, --on-failure, to allow action to be taken when a container fails health checks, with the following supported actions: none (take no action, the default), kill (kill the container), restart (restart the container), and stop (stop the container).
• The --keep-id option to podman create and podman run now supports new options, uid and gid, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. --userns=keep-id:uid=11 will made the user running Podman to UID 11 in the container) (#15294).
• The podman generate systemd command now supports a new option, --env/-e, to set environment variables in the generated unit file (#15523).
• The podman pause and podman unpause commands now support the --latest, --cidfile, and --filter options.
• The podman restart command now supports the --cidfile and --filter options.
• The podman rm command now supports the --filter option to select which containers will be removed.
• The podman rmi command now supports a new option, --no-prune, to prevent the removal of dangling parents of removed images.
• The --dns-opt option to podman create, podman run, and podman pod create has received a new alias, --dns-option, to improve Docker compatibility.
• The podman command now features a new global flag, --debug/-D, which enables debug-level logging (identical to --log-level=debug), improving Docker compatibility.
• The podman command now features a new global flag, --config. This flag is ignored, and is only included for Docker compatibility (#14767).
• The podman manifest create command now accepts a new option, --amend/-a.
• The podman manifest create, podman manifest add and podman manifest push commands now accept a new option, --insecure (identical to --tls-verify=false), improving Docker compatibility.
• The podman secret create command's --driver and --format options now have new aliases, -d for --driver and -f for --format.
• The podman secret create command now supports a new option, --label/-l, to add labels to created secrets.
• The podman secret ls command now accepts the --quiet/-q option.
• The podman secret inspect command now accepts a new option, --pretty, to print output in human-readable format.
• The podman stats command now accepts the --no-trunc option.
• The podman save command now accepts the --signature-policy option (#15869).
• The podman pod inspect command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods (#15674).
• A series of new hidden commands have been added under podman context as aliases to existing podman system connection commands, to improve Docker compatibility.
• The remote Podman client now supports proxying signals for attach sessions when the --sig-proxy option is set (#14707).

Changes

• Duplicate volume mounts are now allowed with the -v option to podman run, podman create, and podman pod create, so long as source, destination, and options all match (#4217).
• The podman generate kube and podman play kube commands have been renamed to podman kube generate and podman kube play to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function.
• A number of Podman commands (podman init, podman container checkpoint, podman container restore, podman container cleanup) now print the user-inputted name of the container, instead of its full ID, on success.
• When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored.
• The installer for the Windows Podman client has been improved.
• The --cpu-rt-period and --cpu-rt-runtime options to podman run and podman create now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers) (#15666).
• Privileged containers running systemd will no longer mount /dev/tty* devices other than /dev/tty itself into the container (#15878).
• Events for containers that are part of a pod now include the ID of the pod in the event.
• SSH functionality for podman machine commands has seen a thorough rework, addressing many issues about authentication.
• The --network option to podman kube play now allows passing host to set the pod to use host networking, even if the YAML does not request this.
• The podman inspect command on containers now includes the digest of the image used to create the container.
• Pods created by podman play kube are now, by default, placed into a network named podman-kube. If the podman-kube network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled.

Bugfixes

• Fixed a bug where the podman network prune and podman container prune commands did not properly support the --filter label!= option (#14182).
• Fixed a bug where the podman kube generate command added an unnecessary Secret: null line to generated YAML (#15156).
• Fixed a bug where the podman kube generate command did not set enableServiceLinks and automountServiceAccountToken to false in generated YAML (#15478 and #15243).
• Fixed a bug where the podman kube play command did not properly handle CPU limits (#15726).
• Fixed a bug where the podman kube play command did not respect default values for liveness probes (#15855).
• Fixed a bug where the podman kube play command did not bind ports if hostPort was not specified but containerPort was (#15942).
• Fixed a bug where the podman kube play command sometimes did not create directories on the host for hostPath volumes.
• Fixed a bug where the remote Podman client's podman manifest push command did not display progress.
• Fixed a bug where the --filter "{{.Config.Healthcheck}}" option to podman image inspect did not print the image's configured healthcheck (#14661).
• Fixed a bug where the podman volume create -o timeout= option could be specified even when no volume plugin was in use.
• Fixed a bug where the podman rmi command did not emit untag events when removing ta...

v4.3.0-RC1

This is the first release candidate for Podman v4.3.0. Full release notes are not available, and will be compiled as part of the release.

v4.2.1

Features

• Added support for Sigstore signatures (sigstoreSigned) to the podman image trust set and podman image trust show commands.`
• The podman image trust show command now recognizes new lookaside field names.
• The podman image trust show command now recognizes keyPaths in signedBy entries.

Changes

• BREAKING CHANGE: podman image trust show may now show multiple entries for the same scope, to better represent separate requirements. GPG IDs on a single row now always represent alternative keys, only one of which is required; if multiple sets of keys are required, each is re
  presented by a single line.
• The podman generate kube command no longer adds the bind-mount-options annotation to generated Service YAML (#15208).

Bugfixes

• Fixed a bug where Podman could deadlock when using podman kill to send signals to containers (#15492).
• Fixed a bug where the podman image trust set command would silently discard unknown fields.
• Fixed a bug where the podman image trust show command would not show signature enforcement configuration for the default scope.
• Fixed a bug where the podman image trust show command would silently ignore multiple kinds of requirements in a single scope.
• Fixed a bug where a typo in the podman-kube@.service unit file would cause warnings when running systemctl status on the unit.
• Fixed a bug where the --compress option to podman image save was incorrectly allowed with the oci-dir format.
• Fixed a bug where the podman container clone command did not properly clone environment variables (#15242).
• Fixed a bug where Podman would not accept environment variables with whitespace in their keys (#15251).
• Fixed a bug where Podman would not accept file paths containing the : character, preventing some commands from being used with podman machine on Windows (#15247).
• Fixed a bug where the podman top command would report new capabilities as unknown.
• Fixed a bug where running Podman in a container could cause fatal errors about an inability to create cgroups (#15498).
• Fixed a bug where the podman generate kube command could generate incorrect YAML when the bind-mount-options was used (#15170).
• Fixed a bug where generated container names were deterministic, instead of random (#15569).
• Fixed a bug where the podman events command would not work with custom --format specifiers (#15648).

API

• Fixed a bug where the Compat List endpoint for Containers did not sort the HostConfig.Binds field as Docker does.
• Fixed a bug where the Compat List endpoint for Containers send the name (instead of ID) of the image the container was based on.
• Fixed a bug where the Compat Connect endpoint for Networks would return an error (instead of 200) when attempting to connect a container to a network it was already connected to (#15499).
• Fixed a bug where the Compat Events endpoint set an incorrect status for image removal events (remove instead of delete) (#15485).

v4.2.0

Podman Desktop

As part of our work to better integrate Podman into MacOS and Windows, we have also been working on a new project, Podman Desktop, which provides a GUI to help developers interact with Podman. Podman Desktop is still in its early days, but already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies).

Features

• Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
• A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod (#12843).
• A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins (#14207).
• A new command has been added, podman machine info, which displays information about the host and the versions of various machine components.
• Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.
• The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context.
• The podman play kube command now supports volumes with the BlockDevice and CharDevice types (#13951).
• The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto (#7504).
• The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.
• Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube (#13464).
• The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.
• The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) (#13422).
• The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).
• The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.
• The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
• The podman create and podman run commands now include the -c short option for the --cpu-shares option.
• The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).
• The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.
• The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context.
• The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231).
• The podman machine init command on Windows now fetches an image with packages pre-installed (#14698).
• Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).
• The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230).
• Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).
• The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
• Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458).
• The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583).
• When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.
• The remote Podman client's podman push command now supports the --remove-signatures option (#14558).
• The remote Podman client now supports the podman image scp command.
• The podman image scp command now supports tagging the transferred image with a new name.
• The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595).
• The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.
• The podman events command now includes the -f short option for the --filter option.
• The podman pull command now includes the -a short option for the --all-tags option.
• The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).
• The Podman global option --url now has two aliases: -H and --host.
• The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.
• Added the ability to create sigstore signatures in podman push and podman manifest push.
• Added an option to read image signing passphrase from a file.

Changes

• Paused containers can now be killed with the podman kill command.
• The podman system prune command now removes unused networks.
• The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman.
• If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577).
• The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148).
• All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless.
• The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers.
• Init containers created with podman play kube now default to the once type (#14877).
• Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048).
• The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion.
• The libpod/common package has been removed as it's not used anywhere.
• The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233).

Bugfixes

• Fixed a bug where bind-mounting /dev into a container which used the --init flag would cause the container to fail to start ([#14251...

v4.2.0-rc3

Features

• Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
• A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod (#12843).
• A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins (#14207).
• A new command has been added, podman machine info, which displays information about the host and the versions of various machine components.
• Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.
• The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context.
• The podman play kube command now supports volumes with the BlockDevice and CharDevice types (#13951).
• The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto (#7504).
• The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.
• Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube (#13464).
• The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.
• The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) (#13422).
• The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).
• The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.
• The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
• The podman create and podman run commands now include the -c short option for the --cpu-shares option.
• The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).
• The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.
• The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context.
• The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231).
• The podman machine init command on Windows now fetches an image with packages pre-installed (#14698).
• Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).
• The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230).
• Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).
• The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
• Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458).
• The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583).
• When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.
• The remote Podman client's podman push command now supports the --remove-signatures option (#14558).
• The remote Podman client now supports the podman image scp command.
• The podman image scp command now supports tagging the transferred image with a new name.
• The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595).
• The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.
• The podman events command now includes the -f short option for the --filter option.
• The podman pull command now includes the -a short option for the --all-tags option.
• The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).
• The Podman global option --url now has two aliases: -H and --host.
• The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.
• Added the ability to create sigstore signatures in podman push and podman manifest push.
• Added an option to read image signing passphrase from a file.

Changes

• Paused containers can now be killed with the podman kill command.
• The podman system prune command now removes unused networks.
• The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman.
• If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577).
• The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148).
• All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless.
• The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers.
• Init containers created with podman play kube now default to the once type (#14877).
• Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048).
• The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion.
• The libpod/common package has been removed as it's not used anywhere.

Bugfixes

• Fixed a bug where bind-mounting /dev into a container which used the --init flag would cause the container to fail to start (#14251).
• Fixed a bug where the podman image mount command would not pretty-print its output when multiple images were mounted.
• Fixed a bug where the podman volume import command would print an unrelated error when attempting to import into a nonexistent volume (#14411).
• Fixed a bug where the podman system reset command could race against other Podman commands (#9075).
• Fixed a bug where privileged containers were not able to restart if the layout of host devices changed ([#13899](#1...

v4.2.0-RC2

This is the second release candidate for Podman v4.2.0. We expect a further RC next week, and a final release a week later. Preliminary release notes are attached.

Features

• Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
• A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod (#12843).
• A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins (#14207).
• A new command has been added, podman machine info, which displays information about the host and the versions of various machine components.
• Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.
• The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context.
• The podman play kube command now supports volumes with the BlockDevice and CharDevice types (#13951).
• The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto (#7504).
• The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.
• Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube (#13464).
• The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.
• The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) (#13422).
• The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).
• The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.
• The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
• The podman create and podman run commands now include the -c short option for the --cpu-shares option.
• The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).
• The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.
• The podman build command now supports a new option, --build-contaxt, allowing the user to specify an additional build context.
• The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231).
• The podman machine init command on Windows now fetches an image with packages pre-installed (#14698).
• Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).
• The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230).
• Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).
• The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
• Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458).
• The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583).
• When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.
• The remote Podman client's podman push command now supports the --remove-signatures option (#14558).
• The remote Podman client now supports the podman image scp command.
• The podman image scp command now supports tagging the transferred image with a new name.
• The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595).
• The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.
• The podman events command now includes the -f short option for the --filter option.
• The podman pull command now includes the -a short option for the --all-tags option.
• The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).
• The Podman global option --url now has two aliases: -H and --host.
• The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.

Changes

• Paused containers can now be killed with the podman kill command.
• The podman system prune command now removes unused networks.
• The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman.
• If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577).
• The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148).
• All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless.
• The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers.
• Init containers created with podman play kube now default to the once type (#14877).
• Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048).
• The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion.

Bugfixes

• Fixed a bug where bind-mounting /dev into a container which used the --init flag would cause the container to fail to start (#14251).
• Fixed a bug where the podman image mount command would not pretty-print its output when multiple images were mounted.
• Fixed a bug where the podman volume import command would print an unrelated error when attempting to import into a nonexistent volume (#14411).
• Fixed a bug where the podman system reset command could race against other Podman commands (#9075).
• Fixed a bug where privileged containers were not able to restart if the layout of host devices changed (#13899).
• Fixed a bug where the podman cp command would overwrite ...

v4.2.0-RC1

This is the first release candidate of Podman v4.2.0. Full release notes are not available at present, but will be for the next RC (expected Monday, July 18, 2022).

v4.1.1

Features

• Podman machine events are now supported on Windows.

Changes

• The output of the podman load command now mirrors that of docker load.

Bugfixes

• Fixed a bug where the podman play kube command could panic if the --log-opt option was used (#13356).
• Fixed a bug where Podman could, under some circumstances, fail to parse container cgroup paths (#14146).
• Fixed a bug where containers created with the --sdnotify=conmon option could send MAINPID twice.
• Fixed a bug where the podman info command could fail when run inside an LXC container.
• Fixed a bug where the pause image of a Pod with a custom ID mappings could not be built (BZ 2083997).
• Fixed a bug where, on podman machine VMs on Windows, containers could be prematurely terminated with API forwarding was not running (#13965).
• Fixed a bug where removing a container with a zombie exec session would fail the first time, but succeed for subsequent calls (#14252).
• Fixed a bug where a dangling ID in the database could render Podman unusable.
• Fixed a bug where containers with memory limits could not be created when Podman was run in a root cgroup (#14236).
• Fixed a bug where the --security-opt option to podman run and podman create did not support the no-new-privileges:true and no-new-privileges:false options (the only supported separator was =, not :) (#14133).
• Fixed a bug where containers that did not create a network namespace (e.g. containers created with --network none or --network ns:/path/to/ns) could not be restored from checkpoints (#14389).
• Fixed a bug where podman-restart.service could, if enabled, cause system shutdown to hang for 90 seconds (#14434).
• Fixed a bug where the podman stats command would, when run as root on a container that had the podman network disconnect command run on it or that set a custom network interface name, return an error (#13824).
• Fixed a bug where the remote Podman client's podman pod create command would error when the --uidmap option was used (#14233).
• Fixed a bug where cleaning up systemd units and timers related to healthchecks was subject to race conditions and could fail.
• Fixed a bug where the default network mode of containers created by the remote Podman client was assigned by the client, not the server (#14368).
• Fixed a bug where containers joining a pod that was created with --network=host would receive a private network namespace (#13763).
• Fixed a bug where podman machine rm --force would remove files related to the VM before stopping it, causing issues if removal was interrupted.
• Fixed a bug where podman logs would omit the last line of a container's logs if the log did not end in a newline (#14458).
• Fixed a bug where network cleanup was nonfunctional for containers which used a custom user namespace and were initialized via API (#14465).
• Fixed a bug where some options (including volumes) for containers that joined pods were overwritten by the infra container (#14454).
• Fixed a bug where the --file-locks option to podman container restore was ignored, such that file locks checkpointed by podman container checkpoint --file-locks were not restored.
• Fixed a bug where signals sent to a Podman attach session with --sig-proxy enabled at the exact moment the container that was attached to exited could cause error messages to be printed.
• Fixed a bug where running the podman machine start command more than once (simultaneously) on the same machine would cause errors.
• Fixed a bug where the podman stats command could not be run on containers that were not running (it now reports all-0s statistics for Docker compatibility) (#14498).

API

• Fixed a bug where images pulled from a private registry could not be accessed via shortname using the Compat API endpoints (#14291).
• Fixed a bug where the Compat Delete API for Images would return an incorrect status code (500) when attempting to delete images that are in use (#14208).
• Fixed a bug where the Compat Build API for Images would include the build's STDERR output even if the quiet parameter was true.
• Fixed a bug where the Libpod Play Kube API would overwrite any log driver specified by query parameter with the system default.

Misc

• The podman auto-update command now creates an event when it is run.
• Error messages printed when Podman's temporary files directory is not writable have been improved.
• Units for memory limits accepted by Podman commands were incorrectly stated by documentation as megabytes, instead of mebibytes; this has now been corrected (#14187).