Hello,
I believe I have a working podman snap package but I was unsuccessful in releasing an unofficial snap package into the store as it required --classic confinement for which I was unable to obtain permission for the reasons outlined in this post.
Whilst several attempts have been made previously, and good intentions expressed since 2018, no snap package (as far as I can see) for podman has been developed. I’m therefore looking to the snapcraft community to examine the work I have done, miah0x41/m0x41-podman on GitHub, with a view to adopting and publishing it.
The term “working” can be quite subjective; what I would like to offer is objective proof in that the snap was tested with the full suite of upstream tests. The full set of results, the methodology applied and interpretation are in the repo itself. I am continuing to test and evaluate - some of the tests failed because they were run in a lxd container.
Update — First Public Release (v5.8.1+snap1)
The first public release is now available on GitHub Releases. Since this thread was posted 13 days ago, the project has undergone significant development — 28 commits, approximately 4,900 lines of code added across 129 file changes, and an estimated 5,000+ individual test executions across five Linux distributions.
Key changes during this period include:
- Two upstream patches: one to propagate LD_LIBRARY_PATH into healthcheck transient units, and another to fix binary path resolution in podman generate systemd output. Both have documented security reviews.
- Replaced the ldconfig-based library path approach with scoped wrappers for conmon and crun, eliminating host-side library path poisoning — a significant correctness and safety improvement.
- Upgraded conmon from v2.0.25 to v2.0.26 to resolve a stderr handling bug affecting dd-based tests.
- Added VM-based testing (Tier 6) covering network integrity, library path poisoning, systemd health, reboot survival, and snap removal cleanup.
- Ran the full upstream BATS suite (785 tests) in both root and rootless modes, achieving approximately 96% pass rate in root mode and 84% in rootless (excluding pasta-specific tests that don’t apply to the snap).
- Added a GitHub Actions workflow that builds the snap automatically on release.
The snap should still be treated with caution — it is an unofficial package with classic confinement, sideloaded via --dangerous. That said, I have two production use cases running in rootless mode using Quadlet to orchestrate OCI containers, and both have been stable.
The repository remains licensed under Apache 2.0. If anyone in the community wishes to adopt this work and maintain a Podman snap — whether under a different name or as part of an official effort — the project is structured to make that straightforward. I will deprecate this repository if a formally maintained Podman snap becomes available on the Store.