// the find
podman-container-tools/podman
Podman: A tool for managing OCI containers and pods.
Podman is Red Hat's daemonless container engine that runs OCI containers without requiring root privileges or a background daemon process. It's a direct Docker CLI replacement that's been production-hardened over years of use in RHEL/Fedora environments. The target audience is anyone who wants Docker-compatible container management with a better security posture, or who works in environments where running a root daemon is a non-starter.
The rootless mode is genuinely well-implemented — containers can't escalate beyond the launching user's privileges by design, not just by configuration. No daemon means no single point of failure and no idle resource drain; containers survive a podman process restart. The Docker CLI compatibility is thorough enough that most docker-compose workflows port over with minimal friction, and the REST API surface covers both Docker-compat and Podman-native endpoints. Quadlet (systemd unit file generation from container definitions) is a practical answer to the 'how do I run containers as services without Compose' problem that actually integrates with how Linux systems already work.
The machine layer on Mac and Windows is a VM wrapper around the Linux binary, which means you're running Linux-in-a-VM just like Docker Desktop — the daemonless story is Linux-only. Compose support is delegated to a separate podman-compose project that lags Docker Compose in feature parity and has its own bug surface. The split between Podman, Buildah, Skopeo, and CRI-O is architecturally clean but operationally confusing — new users frequently don't know which tool they need and documentation assumes they already do. Windows support is still second-class; WSL integration has rough edges that don't exist on Linux, and some features simply don't work outside that environment.