
Podman 5.0: The Complete Docker Alternative Guide for Linux Sysadmins

Podman 5.0 has arrived, and it’s the most compelling Docker alternative yet. With rootless containers by default, native pod support, and full Docker CLI compatibility, Podman is now the go-to container runtime for security-conscious Linux sysadmins. This guide covers everything you need to make the switch.

Why Podman Over Docker in 2026?

  • Daemonless Architecture: No background daemon means no single point of failure and better security
  • Rootless by Default: Containers run as your user, not as root, a major security win
  • Systemd Integration: Generate systemd unit files directly from containers
  • Pod Support: Native Kubernetes-style pods without K8s overhead
  • Docker Compatible: alias docker=podman works for 99% of workflows

Installation

RHEL/CentOS/Rocky/Alma 9

sudo dnf install podman podman-compose
podman --version

Ubuntu 22.04/24.04

sudo apt update
sudo apt install podman podman-compose
podman --version

Fedora

sudo dnf install podman podman-compose  # Already included in Fedora

What’s New in Podman 5.0

  • Podman Machine v2: Completely rewritten VM backend for Mac and Windows with faster startup
  • Hypervisor Framework: Native Apple Hypervisor support on macOS (no more QEMU dependency)
  • Manifest Lists: Improved multi-arch image building
  • SQLite Database: Replaced BoltDB for better performance and reliability
  • Quadlet Enhancements: Better systemd integration for production deployments

Essential Commands: Docker to Podman Cheat Sheet

# Pull and run: identical to Docker
podman pull nginx:latest
podman run -d --name web -p 8080:80 nginx

# List containers
podman ps -a

# Build from Dockerfile (yes, same Dockerfile)
podman build -t myapp:latest .

# Pods: Podman's superpower
podman pod create --name mypod -p 8080:80 -p 5432:5432
podman run -d --pod mypod --name web nginx
podman run -d --pod mypod --name db postgres:16

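# Generate systemd service (deprecated in favor of Quadlet, covered below)
mkdir -p ~/.config/systemd/user   # the user unit directory may not exist yet
podman generate systemd --new --name web > ~/.config/systemd/user/web.service
systemctl --user daemon-reload    # make systemd pick up the new unit file
systemctl --user enable --now web.service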

# Rootless volume management
podman volume create mydata
podman run -v mydata:/data:Z myapp

Quadlet: The Production Deployment Game-Changer

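Quadlet replaces podman generate systemd with a cleaner, declarative approach. Create a .container file in /etc/containers/systemd/. Units in that directory are started by the system systemd instance as root; for a rootless container, place the file in ~/.config/containers/systemd/ and manage it with systemctl --user instead: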

# /etc/containers/systemd/webapp.container
[Container]
Image=docker.io/library/nginx:latest
PublishPort=8080:80
# Refers to a webdata.volume Quadlet unit in the same directory
Volume=webdata.volume:/usr/share/nginx/html:Z
Environment=NGINX_HOST=mysite.com

[Service]
Restart=always

[Install]
WantedBy=default.target

Then simply:

sudo systemctl daemon-reload
sudo systemctl start webapp

Podman Compose vs Docker Compose

Podman Compose reads the same docker-compose.yml files. For most projects, it’s a drop-in replacement:

podman-compose up -d
podman-compose logs -f
podman-compose down

For complex setups, consider podlet, which converts compose files to Quadlet units for production systemd management.

Security Best Practices

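  • Always use rootless: run Podman as an unprivileged user, and use podman unshare for namespace management (it runs a command inside your rootless user namespace)
  • Enable user namespaces: make sure /etc/subuid and /etc/subgid are properly configured, with a subordinate ID range for each user who runs containers
  • Use :Z for SELinux volumes: Prevents permission denied errors on RHEL-based systems by relabeling the host path for that one container; do not apply it to shared system directories such as /home or /etc
  • Scan images: Podman has no built-in podman image scan command, so use an external image scanner such as Trivy or Grype for vulnerability checking
  • Read-only containers: podman run --read-only for immutable deployments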
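
The lint below is an added example, not part of the original article or of Podman: it checks a Quadlet .container file against three of the practices above (rootless placement, read-only root filesystem, SELinux relabel on bind mounts). The function names quadlet_lint and make_samples, the /srv/www host directory and both sample units are constructed for illustration.

```shell
#!/bin/sh
# quadlet_lint UNIT_PATH: print one finding per line; return 1 if any, else 0.
quadlet_lint() {
    unit=$1; rc=0
    # The install path decides who runs the unit: system search paths are
    # started by the root systemd instance, so the container is rootful.
    case $unit in
        */etc/containers/systemd/users/*) ;;  # admin-managed rootless units
        */etc/containers/systemd/*|*/usr/share/containers/systemd/*)
            echo "rootful: $unit is started by the system manager as root"; rc=1 ;;
    esac
    # ReadOnly=true is the Quadlet form of 'podman run --read-only'.
    if ! grep -Eq '^ReadOnly=(true|yes|on|1)[[:space:]]*$' "$unit"; then
        echo "writable-rootfs: no ReadOnly=true line"; rc=1
    fi
    # Bind mounts (source is a host path) need :Z or :z for SELinux relabelling;
    # other Volume= sources are named volumes and are skipped.
    while IFS= read -r line; do
        spec=${line#Volume=}
        case $spec in /*) ;; *) continue ;; esac
        opts=$(printf '%s' "$spec" | cut -d: -f3)
        case ",$opts," in
            *,Z,*|*,z,*) ;;
            *) echo "selinux-label: '$spec' has no :Z or :z option"; rc=1 ;;
        esac
    done <<EOF
$(grep '^Volume=' "$unit")
EOF
    return $rc
}

# Constructed samples: a rootful unit with an unlabelled bind mount, and a
# rootless, read-only variant. /srv/www is a hypothetical host directory.
make_samples() {
    mkdir -p "$1/etc/containers/systemd" "$1/home/u/.config/containers/systemd"
    printf '%s\n' '[Container]' 'Image=docker.io/library/nginx:latest' \
        'PublishPort=8080:80' 'Volume=/srv/www:/usr/share/nginx/html' \
        > "$1/etc/containers/systemd/webapp.container"
    printf '%s\n' '[Container]' 'Image=docker.io/library/nginx:latest' \
        'PublishPort=8080:80' 'ReadOnly=true' \
        'Volume=/srv/www:/usr/share/nginx/html:ro,Z' \
        > "$1/home/u/.config/containers/systemd/webapp.container"
}

tmp=$(mktemp -d)
make_samples "$tmp"
quadlet_lint "$tmp/etc/containers/systemd/webapp.container" || true
quadlet_lint "$tmp/home/u/.config/containers/systemd/webapp.container" && echo "clean"
rm -rf "$tmp"
```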

Migrating from Docker

The migration path is straightforward:

  1. Install Podman alongside Docker (they don’t conflict)
  2. Test your existing Dockerfiles with podman build
  3. Convert docker-compose files using podman-compose
  4. For production, convert to Quadlet units
  5. Once validated, remove Docker: sudo dnf remove docker-ce

Podman 5.0 is production-ready and battle-tested. If you’re still running Docker for local development or production containers, now is the time to switch. The security benefits alone make it worth the minimal migration effort.

About Ramesh Sundararamaiah

Red Hat Certified Architect

Expert in Linux system administration, DevOps automation, and cloud infrastructure. Specializing in Red Hat Enterprise Linux, CentOS, Ubuntu, Docker, Ansible, and enterprise IT solutions.
