Using Podman Instead of Docker to Run Containers

Podman is an open‑source container engine designed for running, building, and managing containers — just like Docker. It supports the same container standards, and its CLI is Docker‑compatible. Most Docker commands work directly with Podman.

Podman has some key differences that enhance the security posture of Ansys HPC Platform Services:

| | Docker | Podman |
|---|---|---|
| Container support | Rootful containers: runs containers with root privileges on the host system | Rootless containers: runs containers under a standard Unix user account on the host system |
| Security | Potentially higher security risks if the container is compromised, as the attacker can gain root access on the host | Increased security as a compromised container cannot escalate privileges to root |
| Limitations | Higher security risks as described above | May have limitations in certain operations, such as creating new devices or loopback mount points, which require root privileges |
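
The Security row above comes down to how container UIDs map to host UIDs. The following added example (not from the original page or from Ansys) translates a container UID through a user-namespace `uid_map` and checks whether container root is host root. The function names, the host UID 1000, and the subordinate range starting at 100000 are constructed sample values.

```shell
#!/bin/sh
# Each uid_map line has the format of /proc/<pid>/uid_map:
#   <first container UID> <first host UID> <range length>

# Constructed sample: rootless container started by host user 1000 whose
# subordinate UID range (assumed) is 100000-165535.
ROOTLESS_MAP="0 1000 1
1 100000 65536"

# Constructed sample: rootful container with no remapping (identity map).
ROOTFUL_MAP="0 0 4294967295"

# map_uid <container-uid> <uid_map-text>
# Prints the host UID the container UID resolves to, or "unmapped" when no
# range covers it (such a UID cannot own files or processes on the host).
map_uid() {
    printf '%s\n' "$2" | awk -v uid="$1" '
        NF == 3 && uid >= $1 && uid < $1 + $3 {
            print $2 + (uid - $1); found = 1; exit
        }
        END { if (!found) print "unmapped" }'
}

# container_root_is_host_root <uid_map-text>
# Succeeds only when UID 0 inside the container is UID 0 on the host, which is
# the case where a container compromise yields root access on the host.
container_root_is_host_root() {
    [ "$(map_uid 0 "$1")" = "0" ]
}

# To check a live rootless setup, feed the real mapping instead of the samples:
#   container_root_is_host_root "$(podman unshare cat /proc/self/uid_map)"
```

With the rootless sample, container UID 0 resolves to host UID 1000 and every other container UID lands in the unprivileged subordinate range, so no container identity corresponds to host root.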