Latest in branch 4.2: 4.2.1 (released 06 Sep 2022)

Software: Podman
Version: 4.2
Initial release: 4.2.0 (10 Aug 2022)
Latest release: 4.2.1 (06 Sep 2022)
End of security fixes: Unavailable
Release notes: https://github.com/containers/podman/releases/tag/v4.2.0
Source code: https://github.com/containers/podman
Documentation: https://podman.io/docs/
Download: https://podman.io/docs/installation

What Is New in Podman 4.2

Podman 4.2 delivers significant enhancements across container management, networking, and security. This update focuses on refining the user experience and expanding integration capabilities with existing infrastructure.

| Category | Key Updates |
| --- | --- |
| New Features | Quadlet, Improved Docker Compose support, New container checkpoint/restore flags |
| Networking | DNS resolution for rootless containers, MACVLAN driver for rootless setups |
| Security & Rootless | Short-name privileged validation, New `podman unshare` command |
| Improvements | Image volume handling, API enhancements, Podman Machine for macOS |
| Deprecations | Several commands and functionalities marked for future removal |

How does Quadlet simplify running containers?

Quadlet introduces a system for generating systemd units from declarative configuration files, making it far easier to run containers as system services. You write a `.container` file with simple directives, and Quadlet handles the complex systemd unit file creation for you.

This approach is a major shift from manually crafting lengthy systemd service files. In practice, it means faster setup times and reduced complexity for deploying containerized services that need to start at boot.

Example Configuration

```ini
[Container]
Image=quay.io/nginx
PodmanArgs=--name=web

[Service]
Restart=always

[Install]
WantedBy=default.target
```

What networking improvements help rootless users?

Rootless containers now have full DNS resolver support, fixing a long-standing limitation. The new `slirp4netns` plugin integrates a DNS resolver, allowing your rootless containers to properly resolve hostnames.

Furthermore, the MACVLAN driver is now available for rootless setups. This unlocks advanced networking configurations that were previously only possible with root privileges, giving developers more flexibility.

How is Docker Compose support better now?

Podman's Docker Compose integration has matured significantly. The `podman-compose` script is now more robust and supports a wider range of compose file attributes.

This matters because it lowers the barrier to entry for teams standardized on Compose. You can now point the script at your existing `docker-compose.yaml` files and expect them to work with Podman with fewer modifications.

What new security features were added?

A new validation step for short-name image resolution prevents accidental pulls from unregistered registries. This helps avoid security risks by ensuring you're pulling images from the intended source.
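An added example, not code from the Podman project: a small linter that reads the `Image=` key of Quadlet `.container` files such as the one shown earlier and flags short names, whose registry is decided by host configuration rather than by the unit. It goes one step beyond the text by also flagging references that are not pinned by digest. The sample units, finding labels and function names are constructed for illustration; the short-name test assumes the usual image reference convention that the first path component is a registry only if it contains `.` or `:` or is `localhost`.

```python
import configparser

# Constructed sample units (not from the Podman project); web.container mirrors the page's example.
SAMPLE_UNITS = {
    "web.container": "[Container]\nImage=quay.io/nginx\nPodmanArgs=--name=web\n",
    "cache.container": "[Container]\nImage=redis\n",
    "db.container": "[Container]\nImage=registry.example.com:5000/team/db@sha256:" + "a" * 64 + "\n",
    "broken.container": "[Service]\nRestart=always\n",
}

def split_reference(image):
    """Split an image reference into (registry or None, path, pin kind)."""
    name, _, digest = image.partition("@")
    first, slash, rest = name.partition("/")
    # Assumed convention: the first component is a registry only if it contains
    # '.' or ':' or is 'localhost'; otherwise the whole name is a short name.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = None, name
    pin = "digest" if digest else ("tag" if ":" in path.rsplit("/", 1)[-1] else "none")
    return registry, path, pin

def lint_container_unit(text):
    """Return a list of findings for the Image= key of one .container file."""
    parser = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keep key case: Image, not image
    parser.read_string(text)
    image = parser.get("Container", "Image", fallback=None)
    if not image:
        return ["missing-image"]
    registry, _, pin = split_reference(image)
    findings = []
    if registry is None:
        findings.append("short-name")   # registry is picked by host configuration
    if pin == "none":
        findings.append("unpinned")     # no tag or digest: floats with the default tag
    elif pin == "tag":
        findings.append("mutable-tag")  # a tag can be repointed; a digest cannot
    return findings

def lint_all(units):
    return {name: lint_container_unit(text) for name, text in units.items()}

if __name__ == "__main__":
    for unit, findings in lint_all(SAMPLE_UNITS).items():
        print(f"{unit}: {', '.join(findings) or 'ok'}")
```

The page's own `quay.io/nginx` example names its registry but is reported as `unpinned`, because it carries neither a tag nor a digest.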

The new `podman unshare` command provides a more intuitive way to access the user namespace of a container. It's a quality-of-life improvement for debugging and managing file permissions in rootless environments.

What's new for checkpoint and restore?

The checkpoint/restore feature gains new flags for greater control. You can now use `--ignore-volumes` to exclude volumes from a checkpoint and `--ignore-static-ip` to allow a restored container to receive a new IP address.

These options are crucial for practical use cases. The volume flag is useful for creating smaller checkpoints when data is stored externally, and the IP flag helps in environments with dynamic addressing.

FAQ

Do I need to change my scripts after upgrading to Podman 4.2?
Most scripts should work unchanged. However, you should review the list of deprecated commands (e.g., `podman container checkpoint` is now just `podman checkpoint`). Start using the new syntax to ensure future compatibility.

How do I try out the new Quadlet feature?
Place a file with a `.container` extension in `~/.config/containers/systemd/` (for user services) or `/etc/containers/systemd/` (for system services). Run `systemctl --user daemon-reload` and then you can start it with `systemctl --user start myfile.service`.

Can I use the new rootless MACVLAN on any system?
Your kernel must be version 5.13 or newer to support the unprivileged MACVLAN functionality. Check your kernel version first with `uname -r` before attempting to use this feature.

What happens if I use a deprecated short-name like "redis"?
Podman will now prompt you to choose a registry from a list of configured ones or allow you to set a specific registry as the default for that short name. This interactive prompt prevents accidental pulls from Docker Hub.

Is the new DNS resolver for rootless containers enabled by default?
Yes, the DNS resolver within `slirp4netns` is automatically enabled, so you should see improved DNS resolution in rootless containers without any additional configuration needed on your part.

Releases In Branch 4.2

| Version | Release date |
| --- | --- |
| 4.2.1 | 06 Sep 2022 |
| 4.2.0 | 10 Aug 2022 |
| 4.2.0-rc1 | 11 Jul 2022 |