3.5 Podman, Buildah, and Skopeo Container Tools Included

The podman, buildah, and skopeo container tools are provided in the Oracle Linux 8 release. These tools are compatible with the Open Container Initiative (OCI) and can be used to manage the same Linux containers that are produced and managed by Docker and other compatible container engines. Because these tools are light-weight and primarily focused on a subset of features, you can run them minus the overhead of working with a daemon process.

  • Pod Manager (podman) Oracle Linux 8 introduces the Pod Manager tool (podman), which is a daemonless container engine that you can use to develop, run, and manage compatible container images on Linux systems. The containers can be run as root or in rootless mode.

    The podman tool is built on the libpod library, which enables the management of containers and groups of containers, called pods.You can use podman to directly manage pods, container images, and containers on a single node, with commands such as run, stop, start, ps, attach, exec, and similar commands.

    The podman tool uses syntax that is similar to the docker command-line tool and is able to run images that are designed to run in a Docker environment. The podman syntax is often also simplified to make it easier to run common commands; for instance, the Docker command, docker container ls --all, is shortened to podman ls --all. Furthermore, podman introduces the --latest syntax, which can be used as shorthand for the most recently created container so that you do not have to repeatedly type the container name.

    Note that podman and related tools depend on cgroup v1 functionality, so this functionality should not be disabled.

    For more information about using podman, visit https://podman.io.

  • Buildah (buildah) You use the buildah command to create container images from a working container, a Dockerfile, or from scratch. The resulting images are Open Container Initiative compliant, so they will work on any container runtime that meets the Open Container Initiative Runtime Specification, such as Docker and CRI-O.

    The buildah command includes several options that enable you to also do the following: inspect a container or image, mount and unmount a container, create a new container layer, and delete a container or image.

    Note that Buildah can operate without Docker or other container runtimes because it stores data separately and includes features that enable you to both build images, as well as run those images as containers. Note also that Buildah stores images in an area that is identified as containers-storage that is located in /var/lib/containers.

    The buildah command differs from the docker command in the following ways:

    • No container runtime (Docker, CRI-O, or other) is required to use Buildah because the buildah command bypasses the Docker daemon.

    • You can use the buildah command to build an image that is based on another container. You can also start with a scratch (empty) image.

    • Buildah tools are external. No build tools are included within the image itself, which means the size of the images that you build with Buildah are reduced. As a result, these smaller images require fewer resources to transport. Also, the images that you build with Buildah are more secure because you do not need to use tools like gcc, make, or dnf to build a container with the resulting image.

    For more information about using Buildah, visit the GitHub Buildah page.

  • Skopeo (skopeo) Skopeo is a client tool that you use to work with remote images registries to retrieve information, images, and signing content. You can use the skopeo command to copy container images to and from remote container registries. The tool also includes capability for signing and authenticating images remotely.

    The skopeo command includes several options that enable you to copy, inspect, delete, and sign images. For example, if you wanted to inspect a container image before you pull it to your system, you would use the skopeo inspect command. This command displays information about an image that resides in a remote container registry.

    For more information about using Skopeo, visit the GitHub Skopeo page.