---
title: "Living without docker: podman as a daily driver"
date: 2026-04-25
tags: [containers, podman, docker, linux, devtools, bazzite]
summary: Podman is a near drop-in replacement for the Docker CLI. Daemonless, rootless by default, ships in immutable distros. Muscle-memory translation and the few places the abstraction leaks.
aliases: [podman-vs-docker, podman-daily-driver, podman]
---

[Podman](https://podman.io/) ships on most modern Linux desktops, [[bazzite-overview|Bazzite]] included. The CLI is intentionally `docker`-compatible (most subcommands and flags work identically), but two things differ under the hood:

1. **No daemon.** Podman invokes containers directly via `runc`/`crun`. There's no long-running root service.
2. **Rootless by default.** Each user has their own container store under `~/.local/share/containers/`. Containers run mapped to your UID via [user namespaces](https://docs.kernel.org/admin-guide/namespaces/index.html).

Both are a security win. They also remove the "is the daemon running?" and "is my user in the `docker` group?" failure modes.

## Common docker commands as podman commands

```
docker pull alpine          →   podman pull alpine
docker run -it alpine sh    →   podman run -it alpine sh
docker build -t foo .       →   podman build -t foo .
docker compose up           →   podman compose up        # via podman-compose
docker ps                   →   podman ps
docker exec -it <id> sh     →   podman exec -it <id> sh
docker logs -f <id>         →   podman logs -f <id>
docker network ls           →   podman network ls
docker volume create x      →   podman volume create x
```

If your fingers keep typing `docker`, install [`podman-docker`](https://packages.fedoraproject.org/pkgs/podman/podman-docker/). It symlinks `/usr/bin/docker` to `/usr/bin/podman` so old scripts keep working. Bazzite ships it by default.

## Where the abstraction leaks

- **`docker compose` v2 vs `podman-compose`.** Parity is close but not perfect. The [compose plugin shipped with Podman 5.x](https://github.com/containers/podman-compose) handles most multi-container apps. If you hit a wall, [Quadlet](https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html) units are closer to how production actually runs anyway.
- **Docker socket.** Tools that hardcode `/var/run/docker.sock` need a podman socket. Run `systemctl --user enable --now podman.socket`, then point them at `DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock`.
- **NVIDIA passthrough.** [The container toolkit](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/install-guide.html) supports both runtimes. The podman path needs `--security-opt=label=disable` on SELinux distros.
- **Buildkit features.** `docker build --secret`, `--ssh`, `--mount=type=cache` all have podman equivalents. Flag names differ slightly. Check `podman build --help`.
- **macOS / Windows.** Podman runs a Linux VM under the hood (`podman machine`). Resource limits and bind mounts work, but `host.docker.internal` becomes `host.containers.internal`.

## Why it matters on immutable distros

On [[bazzite-overview|Bazzite]] and other rpm-ostree systems, you avoid layering RPMs into the base image (see [[rpm-ostree-rebase-cheatsheet]]). Containers are how you install traditional CLI tooling. `distrobox` and `toolbx` both wrap Podman to give you a transparent shell into a container with your home directory mounted in. That's where `gcc`, `kubectl`, `terraform`, etc. should live.

## Related

- [[bazzite-overview]]
- [[rpm-ostree-rebase-cheatsheet]]

## References

- [Podman documentation](https://docs.podman.io/)