Podman 5.8 dropped this week, and while it’s not a flashy major release, it lays important groundwork for the upcoming 6.0 transition. The headline features are a significantly improved Quadlet install workflow and an automatic database migration that moves users from BoltDB to SQLite - quietly preparing the ecosystem for the next generation.
If you’ve been running Quadlet-based deployments (I wrote about that approach in detail in my production-grade Podman Quadlets guide), several of these changes directly improve that workflow.
Quadlet Multi-File Install
The biggest usability improvement in 5.8 is multi-file support for podman quadlet install. Previously, installing a multi-container setup meant feeding each Quadlet unit file to the command individually. Now you can bundle multiple Quadlet definitions into a single file, separated by --- delimiters, with each section identified by a # FileName=<name> header.
# FileName=myapp-db.container
[Container]
Image=docker.io/library/postgres:17
...
---
# FileName=myapp-web.container
[Container]
Image=docker.io/library/nginx:latest
...
---
# FileName=myapp.network
[Network]
Subnet=10.89.1.0/24
This brings Quadlet closer to the “single manifest” experience people are used to from Docker Compose or Kubernetes YAML, while retaining the systemd-native integration that makes Quadlet compelling in the first place. For complex deployments with multiple containers, networks, and volumes, this cuts the friction significantly.
Automatic BoltDB to SQLite Migration
This is the change that matters most for the long term. Podman has been transitioning its internal database from BoltDB to SQLite, and 5.8 makes this migration automatic: legacy BoltDB databases will convert to SQLite upon system reboot.
# If automatic migration fails, you can trigger it manually
podman system migrate --migrate-db
The motivation is straightforward. SQLite offers better concurrent access, more reliable crash recovery, and a proven track record at scale. BoltDB served Podman well, but as container workloads grow more complex - particularly with pods and Quadlet-managed services - the limitations of a simple key-value store become apparent.
This is explicitly preparation for Podman 6.0, where SQLite will be the only supported backend. If you’re running 5.8, the migration happens transparently. If something goes wrong, the manual migration command is your fallback.
AppArmor Support in Quadlet
Container Quadlet files now accept an AppArmor key for configuring container AppArmor profiles directly in the unit definition:
[Container]
Image=docker.io/library/nginx:latest
AppArmor=my-custom-profile
For distributions that use AppArmor as their MAC system (Debian, Ubuntu, SUSE), this removes a gap in Quadlet’s security configuration. Previously, you’d need to pass AppArmor settings through the less ergonomic PodmanArgs escape hatch.
Performance and Usability Improvements
Several smaller changes round out the release:
podman exec --no-session disables session tracking for exec commands. If you’re running frequent exec calls against a container - health checks, monitoring scripts, batch operations - the session tracking overhead adds up. This flag trades tracking for raw speed.
podman update --ulimit lets you modify container ulimits on a running container without recreating it. Useful when you realize your database container needs more open file descriptors and you’d rather not cycle the whole service.
VM artifact path optimization improves podman artifact add when working with podman machine VMs. Files on shared paths are now loaded directly from the VM filesystem rather than streaming through the REST API - a notable speedup for large artifacts.
podman secret create - no longer requires pipe input. You can now type a secret directly at the terminal prompt, which is more intuitive for interactive use.
Bugfixes
The release addresses a range of issues across the stack:
- Healthcheck start period timing now works correctly with Kubernetes YAML deployments
- Environment variable precedence in
kube playfollows the expected order - Volume mount path handling is more robust across edge cases
- Authentication handling improvements for private registries
- Windows path processing fixes for cross-platform workflows
Updated Dependencies
Podman 5.8 ships with Buildah v1.43.0, containers/storage v1.62.0, containers/image v5.39.1, and containers/common v0.67.0.
Looking Ahead
The SQLite migration signals where Podman is heading. Version 6.0 will likely bring more significant architectural changes, and 5.8 is doing the responsible thing: migrating users incrementally rather than forcing a flag day. If you’re running Podman in production, updating to 5.8 sooner rather than later gives you a smooth transition path.
For Quadlet users in particular, the multi-file install support makes managing complex deployments meaningfully easier. Combined with the AppArmor integration and the ongoing maturation of the Quadlet system, Podman continues to build a compelling case as a production container runtime that doesn’t need a daemon or an orchestrator to be useful.
References
- Podman 5.8.0 Release Notes
- Linuxiac: Podman 5.8 Introduces Quadlet Multi-File Install and SQLite Migration
- Podman Quadlet Documentation
- Production-Grade Container Deployment with Podman Quadlets - my earlier deep-dive into Quadlet-based deployments
Comments
You can use your Mastodon or other ActivityPub account to comment on this article by replying to the associated post.
Search for the copied link on your Mastodon instance to reply.
Loading comments...