Podman containers.
Podman is RHEL's container engine: drop-in compatible with the docker CLI, but daemonless and rootless by default. Watch a container go from `podman run` to a persistent systemd unit via Quadlet, the modern way to make rootless services survive reboots.
Podman containers animated tutorial. Daemonless and rootless containers, podman pull/run/exec/logs/ps/inspect, volumes and port publishing, the difference from Docker, and persisting containers as systemd units with Quadlet. RHCSA EX200 ready. Daemonless, rootless, and Docker-CLI compatible. Watch a container go from pull → run → exec → persistent systemd unit (Quadlet).
- Vague familiarity with containers / Docker
- The systemd-targets / units lesson
- Comfortable running commands as a normal user
Pull, run, exec, log into containers; mount volumes correctly on SELinux; understand rootless mode; persist with Quadlet.
pace: 10 minutes
Daemonless, rootless: what makes podman different
Docker runs a single privileged daemon (dockerd) that owns every container. Podman doesn't: each `podman run` is a normal process owned by your user, supervised by conmon. Containers run rootless by default: your UID inside the container maps to your UID outside, no root needed. Same CLI verbs as docker (`alias docker=podman` usually just works), but no daemon to crash, no root to compromise.
- `podman version`
- `alias docker=podman`
- `podman info`

Three things separate Podman from Docker on RHEL: no daemon, rootless by default, and first-class systemd integration via Quadlet. The first two improve security; the third is what makes containers feel native: they show up in `systemctl status`, log to the journal, and survive reboots like any other service.
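
The Quadlet step described above, as an added example that is not part of the original lesson: a shell function that writes a rootless `.container` unit and rejects host ports a rootless user cannot bind. The unit name `web`, the nginx image, the ports and the `~/html` path are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: generate a rootless Quadlet unit for one container.
# Usage: write_quadlet DIR NAME IMAGE HOST_PORT CTR_PORT HOST_DIR CTR_DIR
write_quadlet() {
    local dir="$1" name="$2" image="$3" hport="$4" cport="$5"
    local hdir="$6" cdir="$7"

    case "$hport" in
        ''|*[!0-9]*) echo "host port must be numeric: $hport" >&2; return 2 ;;
    esac
    # Rootless processes cannot bind host ports below
    # net.ipv4.ip_unprivileged_port_start (1024 by default).
    if [ "$hport" -lt 1024 ] || [ "$hport" -gt 65535 ]; then
        echo "refusing host port $hport for a rootless unit" >&2
        return 1
    fi

    mkdir -p "$dir" || return 3
    cat > "$dir/$name.container" <<EOF
[Unit]
Description=$name container (rootless, Quadlet)

[Container]
ContainerName=$name
Image=$image
PublishPort=$hport:$cport
# :Z relabels the host directory so SELinux lets this container read it
Volume=$hdir:$cdir:Z

[Service]
Restart=on-failure

[Install]
# Quadlet units are generated, so start-at-login is declared here
WantedBy=default.target
EOF
    echo "$dir/$name.container"
}

# Typical use as a normal user (values are assumptions):
#   write_quadlet ~/.config/containers/systemd web \
#       docker.io/library/nginx 8080 80 ~/html /usr/share/nginx/html
#   systemctl --user daemon-reload     # Quadlet generates web.service
#   systemctl --user start web.service
#   loginctl enable-linger "$USER"     # keep user services running after logout
```

After `daemon-reload`, the generated `web.service` appears in `systemctl --user status` and logs to the user journal like any other unit.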
- `podman pull IMG`
- `podman run -d --name N -p H:C IMG`
- `podman run --rm -it IMG sh`
- `podman ps / ps -a`
- `podman images`
- `podman exec -it N bash`
- `podman logs -f N`
- `podman inspect N | jq .`
- `podman stop / start / restart / rm N`
- `podman rmi IMG`
- `-v /host:/container:Z`
- `podman volume create / ls / rm`
- `~/.config/containers/systemd/X.container`
- `systemctl --user daemon-reload`
- `systemctl --user enable --now X.service`
- `loginctl enable-linger USER`

Biggest architectural difference between Podman and Docker?
You bind-mount /srv/html into a container on RHEL with SELinux enforcing. The container can't read the files. What's the fix?
You want a rootless container to survive reboots. Best modern approach on RHEL 9?
A rootless `podman run -p 80:80 nginx` fails with a permission error. Why, and the cleanest workaround?
These aren't graded; they're just for active recall, which is what actually makes the lesson stick.
systemd targets & units
Quadlet turns containers into systemd .service units. Solidify how units + dependencies + targets work and Quadlet stops feeling magical.
Keep going: these pair well with what you just learned.
SELinux contexts
Why Apache can't read your file. Watch the policy engine decide, and learn the workflow for fixing denials. RHCSA-ready.
Linux boot process
From power button to login prompt. Every stage in the chain (UEFI, GRUB, kernel, initramfs, systemd), with the rescue moves that save you. RHCSA-ready.
LVM stacking
Layer-by-layer build of an LVM stack: disks → PVs → VG → LVs → filesystem. Then extend live and snapshot. RHCSA-ready.