Besides doing without a central daemon, another of Podman's most prominent features is the so-called pod. These pods, inspired by the Kubernetes concept of the same name, group several containers in a common Linux namespace so that they share specific resources. In this way, a wide variety of virtualized applications can be combined.
As already mentioned, containers can be run on the host as a regular user without root privileges, although inside a container the processes are executed by root. Podman achieves this by using the Linux kernel's user namespaces, which assign special privileges and a user ID to processes. Because the containers are not actually run as an administrator on the host, the Podman virtualized environment has a high standard of security.
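The mapping described above is visible in /proc/<pid>/uid_map, where each line lists a starting ID inside the namespace, the matching ID outside it, and the length of the range. The following Python sketch is an added example, not part of the original article; both sample maps, the host user ID 1000 and the subordinate range starting at 100000 are constructed values.

```python
# Constructed sample: typical uid_map of a rootless container started by
# host user 1000 with a subordinate UID range beginning at 100000.
ROOTLESS_UID_MAP = """\
         0       1000          1
         1     100000      65536
"""
# Constructed sample: identity map of a process that is not in a separate
# user namespace (container root is host root).
ROOTFUL_UID_MAP = "         0          0 4294967295\n"


def parse_uid_map(text):
    """Return a list of (inside_start, outside_start, length) extents."""
    extents = []
    for line in text.splitlines():
        if not line.strip():
            continue
        inside, outside, length = (int(field) for field in line.split())
        extents.append((inside, outside, length))
    return extents


def host_uid(extents, container_uid):
    """Translate a UID seen inside the container to the host UID.

    Returns None when the UID has no mapping in the namespace.
    """
    for inside, outside, length in extents:
        if inside <= container_uid < inside + length:
            return outside + (container_uid - inside)
    return None


def container_root_is_host_root(extents):
    """True when UID 0 inside the container is also UID 0 on the host."""
    return host_uid(extents, 0) == 0


if __name__ == "__main__":
    for name, raw in (("rootless", ROOTLESS_UID_MAP), ("rootful", ROOTFUL_UID_MAP)):
        ext = parse_uid_map(raw)
        print(name, "| container uid 0 -> host uid", host_uid(ext, 0),
              "| container uid 33 -> host uid", host_uid(ext, 33),
              "| host root exposed:", container_root_is_host_root(ext))
```

On a live system the same functions can be fed the contents of /proc/<pid>/uid_map for a container process instead of the constructed samples.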
The core of a pod is made up of so-called infra containers, which are solely responsible for keeping the group of containers working together. To this end, the infra containers manage and guarantee resources such as namespaces, network ports, CPU, main memory, etc. To manage pods, Podman also relies on the monitoring tool Conmon, written in C, which supervises each of the virtualized components and, among other things, takes care of the logs. The tool also acts as an interface to the terminal of each container. As its container runtime, Podman uses the runC software, which is also integrated into many other solutions such as Docker or rkt.