What Is New in Podman 3.3
Podman 3.3 delivers significant enhancements to the container experience, focusing on new commands, improved Docker compatibility, and refined volume management. This release also introduces a new system service and strengthens security features for containerized workloads.
| Category | Key Changes |
|---|---|
| New Features | New `podman system service`, `podman kube play` command, Docker-compatible `podman container cp` |
| Improvements | Enhanced volume support, improved Docker Compose compatibility, new container exit policies |
| Security | Support for rootless containers in `podman play kube`, SELinux improvements for named volumes |
| Bug Fixes | Numerous fixes across pods, volumes, and the REST API |
What new commands were added?
Podman 3.3 introduces several new commands to streamline operations. The `podman system service` command provides a unified API endpoint, making it easier to manage Podman programmatically.
The new `podman kube play` command allows you to deploy pods and containers directly from Kubernetes YAML files. This helps developers working in hybrid environments by bridging the gap between Kubernetes and standalone containers.
For better Docker compatibility, the `podman container cp` command has been added. It mirrors Docker's behavior for copying files between the host and running containers, which simplifies migration scripts and workflows.
How was Docker compatibility improved?
This release deepens integration with the Docker ecosystem. The new `container cp` command ensures feature parity for file copy operations, reducing friction for users transitioning from Docker.
Support for Docker Compose has been significantly enhanced. Podman 3.3 improves the parsing of Docker Compose YAML files, leading to more reliable and consistent deployments when using podman-compose.
These improvements mean you can more confidently use Podman as a drop-in replacement for Docker in development and scripting, minimizing the need to rewrite existing automation.
What's new with volume management?
Volume management gets a major upgrade with the introduction of the `podman volume ls --filter` command. This allows for filtering volumes by key attributes like name and label, making it much easier to manage large numbers of volumes.
The `--opt o=size` option was added for the Overlay volume driver. This lets you specify a maximum size for a volume, which is crucial for preventing containers from accidentally consuming all available disk space.
For security, named volumes now automatically receive an SELinux label. This applies the `container_file_t` label by default, hardening the isolation between your containers and the host system.
How does the new system service work?
The new `podman system service` command starts a REST API service for managing Podman. You can specify the Unix socket or TCP address it listens on, providing a unified interface for tools to interact with Podman.
In practice, this enables better integration with third-party applications and remote management. You can now control your Podman instance through a stable API endpoint instead of relying solely on CLI command parsing.
This service is a foundational step towards more advanced orchestration and monitoring capabilities, bringing Podman closer to feature parity with Docker's API.
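An added example, not code from the Podman project or from this page: because the service can listen on either a Unix socket or a TCP address, this script classifies the listen address found on `podman system service` command lines so that TCP listeners bound beyond loopback stand out for review. Access to a Unix socket is governed by file permissions, whereas a TCP listener is reachable by anything that can connect to the port. The function names, socket path and sample command lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Classifies where a `podman system service` command line listens.

# Print the listen URI argument of a command line (nothing if the default is used).
service_uri() (
    set -f                                  # no globbing while word-splitting
    for arg in $1; do
        case "$arg" in unix:*|tcp:*) printf '%s\n' "$arg"; exit 0 ;; esac
    done
)

# Map a URI to: unix-socket | tcp-loopback | tcp-exposed | unknown
classify_listen() {
    case "$1" in
        ''|unix:*) echo unix-socket; return 0 ;;
        tcp://*)   hostport=${1#tcp://} ;;
        tcp:*)     hostport=${1#tcp:} ;;
        *)         echo unknown; return 0 ;;
    esac
    case "$hostport" in
        \[*\]*) host=${hostport%%\]*}; host=${host#\[} ;;   # [v6]:port
        *)      host=${hostport%:*} ;;                       # host:port
    esac
    case "$host" in
        localhost|::1)  echo tcp-loopback ;;   # assumes localhost resolves to loopback
        127.*[!0-9.]*)  echo tcp-exposed ;;    # a hostname that merely starts with "127."
        127.*)          echo tcp-loopback ;;
        *)              echo tcp-exposed ;;    # includes an empty host (all interfaces)
    esac
}

# Read command lines on stdin; print "<verdict> <uri>" per Podman API service.
audit_cmdlines() {
    while IFS= read -r line; do
        case "$line" in *"podman system service"*) ;; *) continue ;; esac
        uri=$(service_uri "$line")
        printf '%s %s\n' "$(classify_listen "$uri")" "${uri:-(default socket)}"
    done
}

# Constructed sample input, in the shape of `ps -eo args` output.
sample_cmdlines() {
    cat <<'EOF'
/usr/bin/podman system service --time=0
/usr/bin/podman system service --time=0 unix:///run/user/1000/podman/podman.sock
/usr/bin/podman system service --time=0 tcp://127.0.0.1:8080
/usr/bin/podman system service --time=0 tcp://0.0.0.0:8080
/usr/bin/podman run --rm alpine true
EOF
}

sample_cmdlines | audit_cmdlines
```

On a live host, replace `sample_cmdlines` with `ps -eo args` and review every `tcp-exposed` line.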
What security enhancements were made?
A critical security enhancement is the support for rootless containers in `podman play kube`. You can now safely deploy Kubernetes YAML pods without requiring root privileges, significantly reducing the attack surface.
The automatic assignment of SELinux labels to named volumes, specifically `container_file_t`, provides stronger default isolation. This helps contain potential breaches within a compromised container.
These features reinforce Podman's position as a secure container runtime, especially for multi-tenant environments where running as root is not an option.
FAQ
Can I now use `podman play kube` without root privileges?
Yes, absolutely. This was a major addition in Podman 3.3. The `podman play kube` command now fully supports rootless operation, allowing you to deploy pods from Kubernetes YAML files as a non-root user.
What is the purpose of the new `podman system service` command?
It launches a REST API service that provides a unified interface for managing Podman. This is essential for programmatic control and allows other tools to connect to Podman via a defined API endpoint on a Unix socket or TCP address.
How does the new `container cp` command differ from `podman cp`?
The new `podman container cp` command is an alias for `podman cp` that exists specifically for Docker compatibility. It behaves exactly like Docker's `container cp` command, making scripts and muscle memory from Docker easier to transfer to Podman.
Is there a way to limit the size of a volume created with Podman?
Yes, with the Overlay volume driver. You can now use the `--opt o=size` option when creating a volume to set a maximum size limit. This prevents a container from filling up your disk space through its volume.
Does Podman 3.3 work better with Docker Compose files?
Yes, significant improvements were made to the parser for Docker Compose YAML. This means podman-compose should handle a wider range of compose files more reliably, reducing errors and unexpected behavior during deployment.