The daemonless, rootless container engine explained from first principles. Learn how Podman differs from Docker — and remember it with spaced repetition.
Podman is an open-source container engine for building, running and managing OCI containers and images. Its defining trait is that it is daemonless: instead of a central background service, each container runs as a direct child of the podman command. That removes the single-point-of-failure daemon and lets containers run rootless — as an unprivileged user rather than root.
Because its CLI mirrors Docker’s, most Docker commands work unchanged (often via alias docker=podman). But Podman adds concepts Docker lacks: pods that group containers around shared namespaces like a Kubernetes Pod, image builds handed to Buildah, registry transfers handled by Skopeo, and deployment through systemd using Quadlet unit files.
It has become the default container tool on Fedora and RHEL and a common drop-in Docker replacement for security-conscious teams — which makes it a natural next step after the Docker fundamentals.
Each module is a set of flashcards — 75 in total. Answer, review, and watch your knowledge grow from seed to full bloom.
Daemonless architecture, Docker CLI compatibility, OCI, and the rootful vs rootless model
15 cardsUser namespaces, subuid/subgid mapping, rootless networking, and port caveats
15 cardsPodman pods, shared namespaces, the infra container, and Kubernetes-style YAML
15 cardsBuilding with Buildah, moving images with Skopeo, registries.conf, and short-names
15 cardsQuadlet units, auto-start with systemd, lingering, and Compose vs Kubernetes YAML
15 cardsA taste of the real flashcards. Pick an answer, then reveal the explanation.
What is Podman's defining architectural difference from Docker?
Which kernel feature lets rootless Podman map container root to an unprivileged user?
What is a Podman pod?
What is Quadlet?
Each card is one practical concept with multiple options. Pick what you think is right.
See the correct option plus a clear explanation, and a link to deeper docs when one is available.
A spaced-repetition engine (SM-2 or FSRS) resurfaces each card just before you would forget it.
Running containers as an unprivileged user shrinks the blast radius of an escape — a major security win over a root-owned daemon.
The CLI matches Docker’s, so your existing muscle memory and command lines carry over with little more than an alias.
Podman pods mirror Kubernetes Pods, and it can generate and play Kubernetes YAML — a gentle bridge from a laptop to a cluster.
Quadlet turns containers into first-class systemd services with auto-restart, ordering and boot-time start — no extra supervisor.
It helps but is not required. Podman shares Docker’s CLI and concepts, so this track calls out the differences — daemonless, rootless, pods — and works whether you are coming from Docker or starting fresh.
About 10 minutes a day. Spaced repetition means short, frequent sessions beat cramming — most learners get comfortable with the fundamentals within a couple of weeks.
Yes, completely free. No registration or credit card is required, and all your progress is stored locally in your browser.
For most everyday commands, yes — the CLI is Docker-compatible. The differences worth learning are the daemonless, rootless model, pods, and building and deploying with Buildah, Skopeo and systemd Quadlet, all of which this track covers.
Plant your first seed today. Ten minutes a day is all it takes to grow real, lasting container skills.