Podman 6.0 has been released as a major update to the open-source container engine, bringing a security fix, new Podman Machine and Quadlet capabilities, AMD GPU support, and a long list of compatibility-breaking changes that remove several older technologies from the stack.
The most important part of Podman 6.0 is the cleanup of legacy support. Starting with this version, Podman no longer supports cgroups v1 systems, so users must move to cgroups v2. Support for iptables has also been removed, and nftables is now required.
In the networking stack, CNI support is gone, and users are directed to Netavark. Similarly, the slirp4netns rootless networking stack has been removed, with Pasta now serving as the replacement.
The release also drops support for running Podman on Intel Macs and Windows 10. Another notable removal is BoltDB support. When Podman 6 starts on a system still using a BoltDB database, it automatically attempts to migrate the database to SQLite.
Because of the breaking changes, Podman 6.0 must be used with Buildah 1.44, Skopeo 1.23, Netavark and Aardvark 2.0, and configuration files from the container-libs common/v0.68 release. Additionally, Podman’s import path has changed from github.com/containers/podman/v5 to go.podman.io/podman/v6 as part of the project’s move to a CNCF-owned GitHub organization.
There are behavioral changes as well. Network isolation is now enabled by default, improving Docker compatibility and security. The podman commit command now pauses containers while committing changes, decreasing the risk of concurrent modification during the operation. The previous behavior can still be restored with --pause=false.
For volume handling, the podman volume prune command now matches Docker’s behavior by removing only unused anonymous volumes by default. Users who want the previous behavior, which pruned all unused volumes, must pass the new --all option. A new --dry-run option has also been added, allowing users to see which volumes would be removed before pruning.
For Podman Machine, all podman machine commands can now operate on virtual machines from any provider, regardless of the configured provider. A new podman machine os update command updates the operating system inside a Podman Machine VM, though it is not supported with the WSL provider.
Moreover, Podman Machine can now import the host system’s trusted CA certificates into VMs on Linux, macOS, and Windows using the new --import-native-ca option.
On Linux, Podman Machine VMs now mount host volumes using systemd. This change breaks volume mounts on existing Linux Podman Machine VMs, so those machines must be recreated. On macOS, the default Podman Machine provider has changed to libkrun.
Quadlet, the tool that automates and simplifies running containers as systemd services, also receives several updates. The podman quadlet command now places Quadlets and their associated files in subdirectories instead of tracking them through a .app file.
The release also adds UID=, GID=, and Options= support for .volume units, and introduces new search paths to help distributions package and distribute Quadlets more easily.
For container workloads, Podman 6.0 adds AMD GPU compatibility to the --gpus option used with podman create and podman run. Containers can now also use multiple static IP addresses by passing the ip= option to --net multiple times. Additionally, the podman network create command can create blackhole, unreachable, and prohibit routes, allowing administrators to block container access to specific networks.
Other smaller additions include a new --no-session option for podman exec to improve performance by disabling API session tracking and database operations, new Repository and Tag fields in podman image list --format json, custom TLS tuning through the --tls-details option, CDI device reporting in podman info, and new lifecycle events for artifacts.
For additional details, see the changelog. To reiterate, Podman 6.0 is a significant modernization release. Administrators of systems that still rely on CNI, slirp4netns, iptables, cgroups v1, BoltDB, Windows 10, or Intel Mac support must consider those removals before upgrading.
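
A pre-upgrade check for four of the removals listed above (cgroups v1, CNI, slirp4netns, BoltDB), as an added example that is not code from the Podman project. The function names are hypothetical, and the podman info template fields (Host.CgroupsVersion, Host.NetworkBackend, Host.DatabaseBackend, Host.RootlessNetworkCmd) are assumed to match those of Podman 5.x on the host being audited.

```shell
#!/bin/sh
# Added example: pre-upgrade audit for features removed in Podman 6.0.
# Function names are hypothetical; field names assume Podman 5.x `podman info`.

# check_removed CGROUPS NETBACKEND DATABASE ROOTLESSNET
# Prints one line per finding; returns 1 if any hard blocker exists, else 0.
check_removed() {
    blockers=0
    if [ "$1" = "v1" ]; then
        echo "BLOCKER cgroups v1 host: Podman 6.0 requires cgroups v2"
        blockers=$((blockers + 1))
    fi
    if [ "$2" = "cni" ]; then
        echo "BLOCKER CNI network backend: move to Netavark"
        blockers=$((blockers + 1))
    fi
    if [ "$4" = "slirp4netns" ]; then
        echo "BLOCKER slirp4netns rootless networking: move to Pasta"
        blockers=$((blockers + 1))
    fi
    # BoltDB is not a hard blocker: Podman 6 attempts the SQLite migration
    # itself on first start, so it is flagged for attention instead.
    if [ "$3" = "boltdb" ]; then
        echo "NOTICE BoltDB database: automatic migration to SQLite will be attempted"
    fi
    [ "$blockers" -eq 0 ]
}

# audit_host: read the four values from the installed Podman and check them.
audit_host() {
    command -v podman >/dev/null 2>&1 || { echo "podman not found" >&2; return 2; }
    fmt='{{.Host.CgroupsVersion}}|{{.Host.NetworkBackend}}'
    fmt="$fmt|{{.Host.DatabaseBackend}}|{{.Host.RootlessNetworkCmd}}"
    info=$(podman info --format "$fmt") || return 2
    # Split on '|' so an empty field cannot shift the others.
    IFS='|' read -r cg net db rl <<EOF
$info
EOF
    check_removed "$cg" "$net" "$db" "$rl"
}

# Run against the real host only when asked:  sh audit.sh --host
if [ "${1:-}" = "--host" ]; then
    audit_host
fi
```

The check reads only the host-wide defaults, so containers created with an explicit slirp4netns network option are not detected by it. Run it once per user account that runs rootless containers, since the database and rootless networking settings are per user.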
