Update — First Public Release (v5.8.1+snap1)
The first public release is now available on GitHub Releases. Since this thread was posted 13 days ago, the project has undergone significant development — 28 commits, approximately 4,900 lines of code added across 129 file changes, and an estimated 5,000+ individual test executions across five Linux distributions.
Key changes during this period include:
- Two upstream patches: one to propagate `LD_LIBRARY_PATH` into healthcheck transient units, and another to fix binary path resolution in `podman generate systemd` output. Both have documented security reviews.
- Replaced the `ldconfig`-based library path approach with scoped wrappers for `conmon` and `crun`, eliminating host-side library path poisoning — a significant correctness and safety improvement.
- Upgraded `conmon` from v2.0.25 to v2.0.26 to resolve a stderr handling bug affecting `dd`-based tests.
- Added VM-based testing (Tier 6) covering network integrity, library path poisoning, `systemd` health, reboot survival, and snap removal cleanup.
- Ran the full upstream BATS suite (785 tests) in both root and rootless modes, achieving approximately 96% pass rate in root mode and 84% in rootless (excluding `pasta`-specific tests that don't apply to the snap).
- Added a GitHub Actions workflow that builds the snap automatically on release.
The snap should still be treated with caution — it is an unofficial package with classic confinement, sideloaded via `--dangerous`. That said,
I have two production use cases running in rootless mode using Quadlet to orchestrate OCI containers, and both have been stable.
The repository remains licensed under Apache 2.0. If anyone in the community wishes to adopt this work and maintain a Podman snap — whether under a different name or as part of an official effort — the project is structured to make that straightforward. I will deprecate this repository if a formally maintained Podman snap becomes available on the Store.
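To make the "scoped wrapper versus ldconfig" point from the update concrete, here is an added example in POSIX shell. It is not code from the snap repository or from the post's author; the `/snap/podman/current/...` library path, the `crun.real` stand-in and the file names are assumptions for illustration. The first function writes a wrapper that exports `LD_LIBRARY_PATH` only for the process it execs, so the snap's libraries are never visible to host binaries; the second is the kind of check a "library path poisoning" VM test can run against `/etc/ld.so.conf.d` after install and again after snap removal.

```shell
#!/bin/sh
# Added example, not code from the snap repository. It contrasts the two
# approaches named in the post: a host-wide ldconfig drop-in (which poisons
# every host binary's loader path) versus a per-binary "scoped wrapper" that
# exports LD_LIBRARY_PATH only for the process it execs. The snap library
# path below and the file names are assumptions for illustration.

SNAP_LIBDIR="/snap/podman/current/usr/lib/x86_64-linux-gnu"   # assumed path

# make_scoped_wrapper REAL_BINARY LIBDIR OUT
# Writes OUT: a wrapper that prepends LIBDIR to LD_LIBRARY_PATH and execs
# REAL_BINARY. The variable is set in this process only, so nothing outside
# the exec'd conmon/crun ever sees the snap's libraries, and no file under
# /etc/ld.so.conf.d is touched.
make_scoped_wrapper() {
    real="$1"; libdir="$2"; out="$3"
    # Unquoted heredoc: $real/$libdir expand now; \$ survives to run time.
    cat > "$out" <<EOF
#!/bin/sh
if [ -n "\${LD_LIBRARY_PATH:-}" ]; then
    LD_LIBRARY_PATH="$libdir:\$LD_LIBRARY_PATH"
else
    LD_LIBRARY_PATH="$libdir"
fi
export LD_LIBRARY_PATH
exec "$real" "\$@"
EOF
    chmod 0755 "$out"
}

# check_ld_conf_poisoning CONFDIR NEEDLE
# Returns 0 when no file in CONFDIR (normally /etc/ld.so.conf.d) names a path
# containing NEEDLE, 1 when the host loader config has been poisoned.
check_ld_conf_poisoning() {
    confdir="$1"; needle="$2"
    for f in "$confdir"/*; do
        [ -f "$f" ] || continue
        if grep -q -- "$needle" "$f"; then
            return 1
        fi
    done
    return 0
}

# build_fixture DIR
# Constructed test data: a stand-in "crun" that only reports the loader path
# it sees, its scoped wrapper, a clean ld.so.conf.d and one poisoned the
# ldconfig way.
build_fixture() {
    dir="$1"
    mkdir -p "$dir/clean.d" "$dir/poisoned.d"
    printf '#!/bin/sh\necho "$LD_LIBRARY_PATH"\n' > "$dir/crun.real"
    chmod 0755 "$dir/crun.real"
    make_scoped_wrapper "$dir/crun.real" "$SNAP_LIBDIR" "$dir/crun"
    echo "/usr/local/lib" > "$dir/clean.d/libc.conf"
    echo "$SNAP_LIBDIR" > "$dir/poisoned.d/zz-podman.conf"   # host-wide poison
}

# Stand-alone run: the snap lib dir is visible inside the wrapper and absent
# from the calling shell.
demo_dir=$(mktemp -d)
build_fixture "$demo_dir"
echo "inside wrapper : $("$demo_dir/crun")"
echo "calling shell  : ${LD_LIBRARY_PATH:-<unset>}"
if check_ld_conf_poisoning "$demo_dir/clean.d" /snap/; then
    echo "clean.d        : ok"
fi
if ! check_ld_conf_poisoning "$demo_dir/poisoned.d" /snap/; then
    echo "poisoned.d     : host loader config references /snap/ (ldconfig approach)"
fi
rm -rf "$demo_dir"
```

The check takes the directory as an argument so the same function can be pointed at the real `/etc/ld.so.conf.d` inside a test VM, both right after `snap install --dangerous` and after `snap remove`; with classic confinement nothing stops a hook from writing there, which is exactly why a scoped wrapper that never touches the host loader configuration is the safer design.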