Besides doing away with a central daemon, the key distinguishing feature of Podman is the “pod”. Pods, based on the Kubernetes pod concept, are groups of containers that share certain Linux namespaces (by default the network, IPC and UTS namespaces; the PID namespace can be shared as well) and therefore resources such as the IP address and port space. This way, several application components can be flexibly combined into one unit that is started, stopped and removed together.
As mentioned earlier, it’s possible to run the individual containers on the host as a normal user without root rights; a process is only root within its container. This is possible because Podman uses the user namespaces of the Linux kernel, which map the user and group IDs inside the container to a separate range of unprivileged IDs on the host (the ranges are configured per user in /etc/subuid and /etc/subgid). The fact that the containers are not actually run as root on the host gives the rootless Podman environment a high level of security: a process that escapes its container holds only the rights of an unprivileged host user, although kernel vulnerabilities reachable through user namespaces are not covered by this protection.
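The following shell script is an added example, not code from the original article or from the Podman project. It reproduces Podman’s default rootless UID mapping in plain shell arithmetic (container UID 0 becomes the user’s own host UID, container UIDs 1 and upward land in the user’s /etc/subuid range) so the effect can be seen without a container at all, and, if a rootless Podman is installed, prints the kernel’s own view of the map via `podman unshare`. The user name “alice”, her host UID 1000 and the /etc/subuid content are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original article): how rootless Podman maps UIDs.
# With user namespaces, UID 0 inside the container is the unprivileged user on
# the host, and container UIDs 1..N land in the user's subordinate range from
# /etc/subuid. The subuid content below is constructed for the example.

SUBUID_SAMPLE="alice:100000:65536
bob:165536:65536"

# subuid_range USER SUBUID_TEXT -> "START COUNT" for that user, nothing if absent
subuid_range() {
  printf '%s\n' "$2" | awk -F: -v u="$1" '$1 == u { print $2, $3; exit }'
}

# host_uid CTR_UID USER_UID SUB_START SUB_COUNT -> the host UID a container UID
# maps to under Podman's default rootless mapping (0 -> the user's own UID,
# 1.. -> the subuid range), or "unmapped" when it falls outside both.
# Unmapped IDs appear inside the container as the overflow ID 65534 (nobody).
host_uid() {
  c=$1; user_uid=$2; sub_start=$3; sub_count=$4
  if [ "$c" -eq 0 ]; then
    echo "$user_uid"
  elif [ $((c - 1)) -lt "$sub_count" ]; then
    echo $((sub_start + c - 1))
  else
    echo unmapped
  fi
}

# Mapping table for the hypothetical user "alice" with host UID 1000.
set -- $(subuid_range alice "$SUBUID_SAMPLE")   # $1 = range start, $2 = count
for c in 0 1 1000 65536 65537; do
  printf 'container uid %6s -> host uid %s\n' "$c" "$(host_uid "$c" 1000 "$1" "$2")"
done

# Live check when rootless podman is available: /proc/self/uid_map columns are
# "container start, host start, length" and should match the table above.
if command -v podman >/dev/null 2>&1; then
  podman unshare cat /proc/self/uid_map 2>/dev/null \
    || echo "(podman unshare only works in rootless mode)"
fi
```

The practical consequence for an operator: a file written by “root” inside alice’s container is owned by UID 1000 on the host, and a file written by container UID 1000 is owned by host UID 100999, which no normal host account can read or modify.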
The infra container is the heart of a pod. It exists only to serve the pod: it holds the shared namespaces and the pod’s port mappings and keeps them alive for as long as the pod exists, and resource limits such as CPU and memory can be applied to the pod as a whole. What’s more, Podman uses the monitoring tool conmon, written in C, to supervise each container: conmon watches the container process, captures its logs, records its exit status and provides the terminal interface of the respective container, which is what allows Podman to get by without a daemon. As the container runtime Podman uses runC (or, on many current distributions, crun), the same OCI runtime that Docker and other container tools also use.
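The following shell script is an added example, not code from the original article or from the Podman project. It shows how to verify the namespace sharing described above with the kernel’s own evidence: every process has links under /proc/<pid>/ns/, and two processes are in the same namespace exactly when the links carry the same inode. When Podman is installed, it creates a pod with two containers plus one stand-alone container, compares their namespaces with the pod’s infra container, and prints the conmon path and OCI runtime from `podman info`; the pod and container names (`nsdemo`, `nsdemo-a`, `nsdemo-b`, `nsdemo-solo`) are assumptions, and pulling the alpine image needs network access. Without Podman the script still runs the offline check on the shell itself.

```shell
#!/bin/sh
# Added example (not from the original article): check whether two processes
# share Linux namespaces by comparing the namespace inodes the kernel exposes
# under /proc/<pid>/ns/. Containers in one Podman pod share net, ipc and uts
# with the pod's infra container; a stand-alone container gets its own.

# ns_id PID TYPE -> prints e.g. "net:[4026531992]"
ns_id() {
  readlink "/proc/$1/ns/$2"
}

# same_namespaces PID1 PID2 -> "yes" if net, ipc and uts all match, else "no"
same_namespaces() {
  for t in net ipc uts; do
    [ "$(ns_id "$1" "$t")" = "$(ns_id "$2" "$t")" ] || { echo no; return 0; }
  done
  echo yes
}

# Live check, only when podman is installed. Pod and container names are
# assumptions for this example; everything it creates is removed at the end.
pod_demo() {
  command -v podman >/dev/null 2>&1 || { echo "podman not installed; skipping pod check"; return 0; }
  podman pod create --name nsdemo -p 8080:80 >/dev/null
  podman run -d --pod nsdemo --name nsdemo-a docker.io/library/alpine sleep 300 >/dev/null
  podman run -d --pod nsdemo --name nsdemo-b docker.io/library/alpine sleep 300 >/dev/null
  podman run -d --name nsdemo-solo docker.io/library/alpine sleep 300 >/dev/null
  infra=$(podman pod inspect --format '{{.InfraContainerID}}' nsdemo)
  pid_infra=$(podman inspect --format '{{.State.Pid}}' "$infra")
  pid_a=$(podman inspect --format '{{.State.Pid}}' nsdemo-a)
  pid_b=$(podman inspect --format '{{.State.Pid}}' nsdemo-b)
  pid_solo=$(podman inspect --format '{{.State.Pid}}' nsdemo-solo)
  echo "a and b share net/ipc/uts:     $(same_namespaces "$pid_a" "$pid_b")"      # yes
  echo "a and infra share net/ipc/uts: $(same_namespaces "$pid_a" "$pid_infra")"  # yes
  echo "a and solo share net/ipc/uts:  $(same_namespaces "$pid_a" "$pid_solo")"   # no
  echo "conmon:      $(podman info --format '{{.Host.Conmon.Path}}')"
  echo "OCI runtime: $(podman info --format '{{.Host.OCIRuntime.Name}}')"
  podman rm -f nsdemo-solo >/dev/null
  podman pod rm -f nsdemo >/dev/null
}

# Offline check: a child process inherits the shell's namespaces, so the
# comparison must report "yes" for the shell and a background child.
sleep 5 & child=$!
echo "shell and child share net/ipc/uts: $(same_namespaces $$ "$child")"
kill "$child"
pod_demo
```

Note that `State.Pid` is the host PID of the container’s init process; for a rootless container running as root inside, that process runs under your own host UID, so the /proc links are readable without privileges, which is exactly the mapping the previous section describes.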