Podman 6.0 Cuts Five Legacy Layers: What Container Teams Must Audit Before Upgrading

https://www.techtimes.com/articles/319585/20260703/podman-60-cuts-five-legacy-layers-what-container-teams-must-audit-before-upgrading.htm

Publish Date: 2026-07-03 05:26:00

Source Domain: www.techtimes.com

Podman 6.0.0, released June 24, has permanently removed five foundational components that powered Linux container deployments for the better part of a decade — cgroups v1, iptables, CNI, slirp4netns, and BoltDB — in a single major version that leaves no migration runway for teams that haven’t already modernized. For DevOps engineers and platform operators whose production workloads still touch any of those five layers, the decision is now binary: audit and upgrade, or stay on Podman 5.x.

The release also patches CVE-2026-57231, a supply-chain vulnerability that could allow a malicious container image to capture host environment variables, including secrets and credentials, without knowing their exact names. The fix was simultaneously backported to Podman 5.8.4, released June 26 — meaning teams not ready to absorb 6.0’s breaking changes can still get the security patch immediately.

Five Breaking Changes, One Migration Window

The five removals in Podman 6.0 are the conclusion of a deprecation cycle that began with Podman 4.0 in 2022. Warnings have been public for over a year. The 6.0 milestone makes them permanent.

cgroups v1 is gone. The Linux kernel’s original resource-control mechanism, which allowed different controllers (CPU, memory, I/O) to operate in separate, independent process hierarchies, has been removed in favor of the unified cgroups v2 hierarchy introduced in Linux 4.5 in 2016. Cgroups v2 enforces that all threads of a process belong to the same cgroup — eliminating the coordination failures that plagued v1 — and enables the delegation model that Podman’s rootless mode depends on. Podman 6.0 will not start on any system that boots with cgroups v1 as its active hierarchy. See the Red Hat cgroups v2 migration guide for migration steps.

The practical exposure here is specific: Red Hat Enterprise Linux 8 still defaults to cgroups v1. Operators running Podman on RHEL 8 will need to add systemd.unified_cgroup_hierarchy=1 to their kernel boot parameters…
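A pre-upgrade check for four of the five removed layers (cgroups v1, CNI, slirp4netns, BoltDB), as an added example that is not from the article or the Podman project. It assumes the `podman info` field names of Podman 5.x and treats `netavark`, `pasta` and `sqlite` as the supported replacements, none of which the article names; the iptables firewall driver is not covered.

```shell
#!/bin/sh
# Added example (not from the article): pre-upgrade audit for Podman 6.0.
# Assumption: field names and replacement values are those of Podman 5.x.

# check_layer NAME VALUE
# Prints one finding. Returns 0 = supported, 1 = removed in 6.0, 2 = unknown.
check_layer() {
    case "$1:$2" in
        cgroups:v2|network:netavark|rootless-net:pasta|database:sqlite)
            echo "ok       $1=$2"; return 0 ;;
        cgroups:v1|network:cni|rootless-net:slirp4netns|database:boltdb)
            echo "BLOCKER  $1=$2 (removed in Podman 6.0)"; return 1 ;;
        *)
            echo "UNKNOWN  $1=${2:-<empty>} (check manually)"; return 2 ;;
    esac
}

# audit CGROUPS NETWORK ROOTLESS_NET DATABASE
# Prints all findings; exit status is the number of blockers.
# Unknown values are reported but not counted.
audit() {
    blockers=0
    for pair in "cgroups:$1" "network:$2" "rootless-net:$3" "database:$4"; do
        st=0
        check_layer "${pair%%:*}" "${pair#*:}" || st=$?
        if [ "$st" -eq 1 ]; then blockers=$((blockers + 1)); fi
    done
    return "$blockers"
}

# audit_host: read the live values from the installed Podman and audit them.
# Fields are '|'-separated so an empty field cannot shift the others.
audit_host() {
    fmt='{{.Host.CgroupsVersion}}|{{.Host.NetworkBackend}}'
    fmt="$fmt|{{.Host.RootlessNetworkCmd}}|{{.Host.DatabaseBackend}}"
    info=$(podman info --format "$fmt") || { echo "podman info failed" >&2; return 99; }
    IFS='|' read -r cg net rl db <<EOF
$info
EOF
    audit "$cg" "$net" "$rl" "$db"
}

# Only touch the host when asked to: ./audit.sh --run
if [ "${1:-}" = "--run" ]; then audit_host; exit $?; fi
```

Run it with `--run` as each user that owns containers, since rootless and root Podman can report different values; a non-zero exit status means at least one blocker.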
