Podman Commands Cheat Sheet: A Practical Guide for Container Management

If you have worked with Docker, switching to Podman feels immediately familiar — but with a meaningful difference under the hood. Podman is daemonless. There is no background service running as root keeping everything alive. Instead, containers interact directly with the Linux container stack, which makes the whole setup significantly more secure by default.

I put this reference together to serve as a practical day-to-day guide. Whether you are just getting started or you find yourself constantly googling the same flags, this should cover everything you need for working with Podman on Linux.

Why Podman?

Before diving into the commands, it is worth understanding what sets Podman apart. Unlike Docker, Podman does not rely on a long-running daemon process with elevated privileges. Containers are not spawned as child processes of Podman, which means they remain alive independently — even if you restart or kill the Podman process itself. This architecture also integrates cleanly with systemd, making it straightforward to manage containers as system services.

Podman is also rootless by default, meaning most operations do not require superuser privileges. This matters a great deal in shared or hardened environments.

Note: The $ symbol before commands represents the shell prompt and is not part of the command itself.

Working with Container Images

List Local Images

podman images [options]

Displays all container images currently stored on the local machine, including the repository, tag, image ID, creation time, and size.

Example:

$ podman images
REPOSITORY                        TAG      IMAGE ID      CREATED        SIZE
quay.io/bitnami/postgresql        latest   3a91bc743f1c  2 days ago     412 MB
docker.io/library/nginx           latest   c316d5a335a5  3 weeks ago    146 MB
docker.io/library/redis           latest   f1b6973564e9  3 weeks ago    116 MB
quay.io/prometheus/prometheus     latest   a07ad2c47697  5 days ago     229 MB

Pull an Image from a Registry

podman pull [options] <remote_registry_url>/<username>/<image>:<tag>

Downloads an image from a remote container registry to your local machine.

Example:

$ podman pull quay.io/prometheus/prometheus:latest

Search for Images

podman search [options] <search_string>

Searches container registries defined in /etc/containers/registries.conf for images matching the given string.

Example:

$ podman search webapp
INDEX       NAME                              DESCRIPTION
quay.io     quay.io/myorg/webapp-frontend     Frontend for the webapp project
docker.io   docker.io/someuser/webapp         A sample web application image

Inspect Image History

podman history [options] <image>:<tag>

Shows the layer-by-layer build history of a container image stored locally.

Example:

$ podman history quay.io/prometheus/prometheus:latest
ID            CREATED       CREATED BY                                  SIZE    COMMENT
8c21d3f9a013  3 months ago  /bin/sh -c #(nop) ENTRYPOINT ["/bin/prom…  0 B
<missing>     3 months ago  /bin/sh -c #(nop) EXPOSE 9090               0 B
...

Tag an Image

podman tag <image>:<tag> <image>:<new_tag>
# or
podman tag <image_uuid> <image>:<new_tag>

Applies a new tag to an existing local image. Useful for marking images before pushing to a registry or for versioning.

Example:

$ podman images
REPOSITORY                TAG    IMAGE ID       CREATED         SIZE
localhost/myapp           v1     b91d3c4ee87a   10 minutes ago  215 MB

$ podman tag b91d3c4ee87a myapp:stable

$ podman images
REPOSITORY                TAG     IMAGE ID       CREATED         SIZE
localhost/myapp           v1      b91d3c4ee87a   11 minutes ago  215 MB
localhost/myapp           stable  b91d3c4ee87a   11 minutes ago  215 MB

Remove a Local Image

podman rmi [-f] <image>:<tag>

Deletes a container image from the local cache. The -f flag forces removal even if containers are using the image. This does not affect the image in any remote registry.

Example:

$ podman rmi f1b6973564e9

Log In to a Registry

podman login [options] <image_registry_url>

Authenticates with a remote container image registry. You will be prompted for credentials.

Example:

$ podman login quay.io
Username: myuser
Password:
Login Succeeded!

Log Out of a Registry

podman logout [options]

Clears the stored credentials for the current registry session.

Example:

$ podman logout quay.io
Removed login credentials for quay.io

Push an Image to a Registry

podman push <registry_url>/<username>/<image>:<tag>

Uploads a locally built or tagged image to a remote container registry.

Example:

$ podman build -t quay.io/myorg/api-service:v2 .
...
Successfully tagged quay.io/myorg/api-service:v2

$ podman push quay.io/myorg/api-service:v2

Building Container Images

Build an Image

podman build [options] <image>:<tag> [-f <Dockerfile>]

Builds a container image from a Dockerfile. If -f is not specified, Podman looks for a file named Dockerfile in the current directory. Once built, the image is stored locally.

Example using the default Dockerfile:

$ podman build -t myapi:v1 .
STEP 1/3: FROM python:3.11-slim
STEP 2/3: COPY . /app
STEP 3/3: CMD ["python", "/app/main.py"]
COMMIT myapi:v1
Successfully tagged localhost/myapi:v1
a7f23d91bc45f533ae3078fe1d97df2a9cd27691e8d7b3317a0bdeaa24d1e705

$ podman images | grep myapi
localhost/myapi    v1    a7f23d91bc45    About a minute ago    195 MB

Example using a custom Dockerfile:

$ podman build -t myapi:debug -f Dockerfile.debug
STEP 1/2: FROM python:3.11
STEP 2/2: RUN pip install debugpy
COMMIT myapi:debug
Successfully tagged localhost/myapi:debug

Working with Containers

Run a Container

podman run [options] <repo>/<image>:<tag>

Creates and starts a container from the specified image. If the image is not available locally, Podman attempts to pull it from the registry specified in the command.

Common flags:

| Flag | Purpose | ||| | -d | Run container in the background (detached) | | --name | Assign a name to the container | | -p host:container | Map host port to container port | | -it | Attach an interactive terminal | | --rm | Automatically remove container on exit |

Example — run detached with port mapping:

$ podman run -d --name mywebapp -p 8080:80 docker.io/library/nginx
f9d2c8b12340a5e7c419875b0e3a9f1e2d345678c9a0bdeaa24d1e705f8

$ podman ps -a
CONTAINER ID  IMAGE                          COMMAND         CREATED      STATUS       PORTS                 NAMES
f9d2c8b12340  docker.io/library/nginx:latest nginx -g…       5 sec ago    Up 4 sec     0.0.0.0:8080->80/tcp  mywebapp

Example — container with interactive shell:

$ podman run -it docker.io/library/python:3.11-slim bash
root@container:/# python3 --version
Python 3.11.9

Example — auto-remove after exit:

$ podman run --rm quay.io/centos/centos:stream9 echo "Hello from CentOS Stream"
Hello from CentOS Stream

$ podman ps -a
# The container no longer appears — it was removed after exiting

Create a Container Without Starting It

podman create [options] <repo/image:tag>

Creates a container from an image but does not start it. Useful when you want to configure the container before its first run.

Example:

$ podman create --name mypostgres quay.io/bitnami/postgresql:latest
dcc2491a3d16809c5c7b939e48aa99ded40779cb79140b1b9ae8702561901952

$ podman ps -a
CONTAINER ID  IMAGE                                  COMMAND         CREATED      STATUS   PORTS  NAMES
dcc2491a3d16  quay.io/bitnami/postgresql:latest      entrypoint.sh   3 sec ago    Created         mypostgres

Start a Container

podman start [options] <container>

Starts a container that was previously created or stopped. The container can be referenced by name or UUID.

Example:

$ podman start mypostgres

$ podman ps -a
CONTAINER ID  IMAGE                              COMMAND         CREATED     STATUS           PORTS  NAMES
dcc2491a3d16  quay.io/bitnami/postgresql:latest  entrypoint.sh   1 day ago   Up 12 seconds ago       mypostgres

Stop a Container

podman stop [options] <container>

Gracefully stops a running container. Podman sends a SIGTERM signal and waits for the container to shut down cleanly.

Example:

$ podman stop mywebapp

$ podman ps -a
CONTAINER ID  IMAGE                          COMMAND    CREATED     STATUS                    PORTS  NAMES
f9d2c8b12340  docker.io/library/nginx:latest nginx -g…  1 hour ago  Exited (0) 3 seconds ago         mywebapp

Restart a Container

podman restart [options] <container>

Restarts an existing container. Works on both stopped and running containers.

Example:

$ podman restart mypostgres

Remove a Container

podman rm [options] <container>

Deletes a container from the host. Use -f to force-remove a running container without stopping it first.

Example:

$ podman rm -f mypostgres
dcc2491a3d16809c5c7b939e48aa99ded40779cb79140b1b9ae8702561901952

$ podman ps -a
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
# Empty — container has been removed

List Containers

podman ps [options]

Lists containers on the local system. By default, only running containers are shown. Use -a to include all containers regardless of state.

Example:

$ podman ps -a
CONTAINER ID  IMAGE                              COMMAND         CREATED      STATUS                    PORTS                 NAMES
f9d2c8b12340  docker.io/library/nginx:latest     nginx -g…       2 hours ago  Up 1 hour                 0.0.0.0:8080->80/tcp  mywebapp
a3e78c910f21  quay.io/prometheus/prometheus:latest  /bin/prom…   45 min ago   Exited (143) 10 min ago                         myprom

Wait for a Container Condition

podman wait [options] <container>

Blocks the current process until the specified container meets a condition (default: stopped). Useful in scripting and CI pipelines.

Example:

$ podman wait a3e78c910f21

Working with Container Processes

Execute a Command Inside a Running Container

podman exec <container> <command>

Runs a command inside a running container. The -it flag is commonly used to open an interactive shell session.

Example:

$ podman exec -it mywebapp bash
root@f9d2c8b12340:/# cat /etc/nginx/nginx.conf

View Running Processes in a Container

podman top <container>

Displays the active processes inside a container, including CPU usage and elapsed time.

Example:

$ podman top mywebapp
USER    PID   PPID   %CPU   ELAPSED          TTY  TIME   COMMAND
root    1     0      0.000  47m21.234s       ?    0s     nginx: master process
nginx   31    1      0.000  47m20.201s       ?    0s     nginx: worker process

View Container Logs

podman logs [options] <container>

Displays the output logs from a container. Use -t to include timestamps, and -f to follow live output.

Example:

$ podman logs -t mywebapp
2026-04-29T08:00:12.231000000Z /docker-entrypoint.sh: Configuration complete; ready for start up
2026-04-29T08:00:12.410000000Z nginx: start worker processes

View Resource Usage Statistics

podman stats [options] [<container>]

Streams live resource usage metrics for containers (CPU, memory, network I/O). When run without a container name, it shows stats for all containers running as root.

Note: podman stats requires sudo and only shows root-privileged containers.

Example:

$ sudo podman stats
ID            NAME          CPU %   MEM USAGE / LIMIT     MEM %   NET IO              BLOCK IO
3e98ab1d40f2  mywebapp      0.04%   5.11MB / 8.148GB      0.06%   1.1kB / 4.2kB       12.3kB / 0B
b21f5e78cd90  myprom        0.22%   48.3MB / 8.148GB      0.59%   2.4kB / 11.8kB      --/--

Inspect a Container

podman inspect [options] <container>

Returns detailed JSON metadata about a container — including its configuration, network settings, mounts, and runtime state.

Example:

$ podman inspect mywebapp | more -10
[
  {
    "Id": "f9d2c8b12340a5e7c419875b0e3a9f1e2d345678c9a0bdeaa24d1e705f8",
    "Created": "2026-04-29T08:00:05.123456789Z",
    "Path": "/docker-entrypoint.sh",
    "Args": ["nginx", "-g", "daemon off;"],
    ...

Attach to a Running Container

podman attach [options] <container>

Connects your terminal to a running container’s standard input/output. Use Ctrl+p followed by Ctrl+q to detach without stopping the container.

Example:

$ podman attach myprom

Pause and Unpause Container Processes

podman pause [options] [<container>]
podman unpause [options] [<container>]

Suspends or resumes all processes inside a container using Linux cgroups freezer. These commands only work on containers running with root privileges and must be run with sudo.

Example — pause:

$ sudo podman pause mywebapp
3e98ab1d40f2...

$ sudo podman ps -a
# STATUS shows: paused

Example — unpause:

$ sudo podman unpause mywebapp
$ sudo podman ps -a
# STATUS shows: Up N minutes ago

View Port Mappings

podman port [options] <container>

Lists all port bindings between a container and the host.

Example:

$ podman port mywebapp
80/tcp -> 0.0.0.0:8080

Working with Container Filesystems

View Filesystem Changes

podman diff [options] <container>

Reports all changes made to the filesystem by a container since it was created from the image. C indicates a changed file or directory; A indicates an added one.

Example:

$ podman diff mywebapp
C /etc
C /etc/nginx
C /etc/nginx/conf.d
C /etc/nginx/conf.d/default.conf
A /run/nginx.pid
A /var/cache/nginx/client_temp
A /var/cache/nginx/proxy_temp

Mount a Container’s Filesystem

podman mount [options] <container>

Mounts the container’s filesystem on the host and returns the path. This lets you inspect or modify the container’s files directly without entering it via exec. Requires sudo.

Example:

$ sudo podman mount mypostgres
/var/lib/containers/storage/overlay/a9c31bdf8e7423fcbd9f45123abc456/merged

$ sudo ls /var/lib/containers/storage/overlay/a9c31bdf8e7423fcbd9f45123abc456/merged
bin  boot  data  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var

Unmount a Container’s Filesystem

podman umount [options] <container>

Releases the mounted filesystem for a container. Must be run as sudo.

Example:

$ sudo podman umount mypostgres
mypostgres

Export a Container’s Filesystem

podman export -o <output_filename> <container>

Exports the entire filesystem of a container as a tar archive. This captures the current state of the container, not just the base image layers.

Example:

$ podman export mywebapp > mywebapp-snapshot.tar

$ ls -lh
total 142M
-rw-rw-r--. 1 gini gini 142M Apr 29 09:12 mywebapp-snapshot.tar

Import a Filesystem as an Image

podman import <tar_filename>

Creates a new container image from an exported tar archive. This is the counterpart to podman export.

Example:

$ podman import mywebapp-snapshot.tar mywebapp-restored:v1
Getting image source signatures
Copying blob 4ab2c1d3f98e done
Writing manifest to image destination
sha256:9f12b345abc...

$ podman images
REPOSITORY                  TAG  IMAGE ID       CREATED        SIZE
localhost/mywebapp-restored  v1   9f12b345abc4   2 minutes ago  141 MB

Commit a Running Container as a New Image

podman commit [options] <container> <new_image>:<tag>

Captures the current state of a running container and saves it as a new image in the local repository. Useful for creating custom images from modified containers.

Example:

$ podman commit mywebapp mywebapp-custom:production

$ podman images
REPOSITORY                  TAG         IMAGE ID       CREATED        SIZE
localhost/mywebapp-custom   production  7bc34a91f02c   5 seconds ago  149 MB

Miscellaneous Commands

Check Podman Version

podman version

Displays version information for the installed Podman binary.

Example:

$ podman version
Version:      5.2.1
API Version:  5.2.1
Go Version:   go1.22.3
Built:        Fri Mar 15 10:30:00 2024
OS/Arch:      linux/amd64

Display System Information

podman info

Outputs detailed information about the Podman installation, including host architecture, cgroup version, storage driver, and registry configuration.

Example:

$ podman info | more -10
host:
  arch: amd64
  buildahVersion: 1.35.0
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.8
    path: /usr/bin/conmon
--More--

Quick Reference Summary

Here is a condensed summary of the most commonly used Podman commands grouped by function:

Image operations:

| Command | What it does | ||-| | podman images | List local images | | podman pull <image> | Download image from registry | | podman push <image> | Upload image to registry | | podman build -t <name> . | Build image from Dockerfile | | podman tag <id> <name:tag> | Apply a new tag to an image | | podman rmi <image> | Remove local image | | podman search <string> | Search registries for images | | podman history <image> | Show image build history |

Container lifecycle:

| Command | What it does | ||-| | podman run -d --name <name> <image> | Create and start a container | | podman create <image> | Create without starting | | podman start <container> | Start a stopped container | | podman stop <container> | Gracefully stop a container | | podman restart <container> | Restart a container | | podman rm [-f] <container> | Remove a container | | podman ps -a | List all containers |

Inspection and debugging:

| Command | What it does | ||-| | podman exec -it <c> bash | Open shell in container | | podman logs [-t] <container> | View container logs | | podman top <container> | Show running processes | | podman inspect <container> | Get full container metadata | | podman stats | Live resource usage stream | | podman diff <container> | Show filesystem changes | | podman port <container> | List port mappings |

Podman has become my go-to for container work on Linux — especially in environments where rootless operation and systemd integration are requirements. The command surface is familiar if you are coming from Docker, but the architecture underneath makes it a much better fit for secure, production-grade systems.

If you are setting up a local Podman environment and want to go deeper on running containers as systemd services or working with Podman Compose, those topics are worth a separate post.