Podman 6.0: Goodbye CNI, iptables, Slirp4netns: A Container Engine Rewrite

On July 2, 2026, Podman shipped version 6.0.0, its first major release in over a year. This is not a routine feature update: Podman 6 removes multiple legacy components and overhauls networking, storage, and configuration management. If you run Podman in production, there are things you need to know before upgrading.
Breaking Changes: What Legacy Users Will Face
This is the most critical part of the release. Podman 6 drops multiple components that have been part of the project since its early days:
New Networking Stack: Netavark + nftables + Pasta
- CNI is removed entirely. Podman now requires Netavark as the sole network backend. Netavark is written in Rust, purpose-built for Podman, with better dual-stack IPv4/IPv6 support and internal DNS than CNI. Custom CNI plugins must be migrated to Netavark's driver model.
- iptables is no longer supported. All users must switch to nftables. This follows the broader Linux networking trend (iptables has been deprecated since kernel 4.x), but Podman is one of the first container tools to force the cutover.
- Slirp4netns is removed, replaced by Pasta, a lighter, faster rootless network stack. Pasta includes experimental support for Pesto, which preserves the original client source IP in rootless port forwarding. This matters for applications that need real client IPs for rate limiting, geo-filtering, or audit trails when running rootless containers.
Minimum dependency versions: Buildah v1.44.0, Skopeo v1.23, Netavark + Aardvark v2.0.0.
Other Removed Components
| Legacy Tech | Reason |
|---|---|
| cgroups v1 | cgroups v2 has been standard since Linux kernel 5.x |
| BoltDB | Fully migrated to SQLite (auto-migration on startup) |
| Intel Mac | Apple Silicon is the future; Intel Macs no longer supported by Apple |
| Windows 10 | Microsoft approaching end-of-support for Windows 10 |
CVE-2026-57231: Host Environment Variable Leak Patched
This release fixes a serious vulnerability (GHSA-4hq8-gpf5-8p68): a malicious container image using malformed Env entries could leak host environment variables into containers. Attackers could even use the * glob operator to scan large numbers of variables without knowing their exact names. This is particularly dangerous in CI/CD pipelines where environment variables often contain tokens, secret keys, and credentials.
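The post describes the flaw at the level of "malformed Env entries" and a `*` glob in the variable name. The following is an added example (not Podman project code) of a defensive pre-run check that audits an image config's `Env` list and flags anything that is not a plain `KEY=VALUE` pair; the regex, the reasons and the sample config are constructed assumptions, not the exact forms Podman accepted.

```python
"""Audit the Env list of an OCI/Docker image config before running the image
on a host that is not yet on Podman 6. Added example; constructed sample data."""
import json
import re

# The image spec expects "KEY=VALUE"; a bare name or a glob character in the
# key is what this check treats as suspect (assumption about the CVE pattern).
_ENV_OK = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=.*$", re.DOTALL)


def suspicious_env_entries(image_config: dict) -> list:
    """Return (entry, reason) for every Env entry that is not well-formed."""
    findings = []
    for entry in image_config.get("config", {}).get("Env", []) or []:
        if not isinstance(entry, str):
            findings.append((repr(entry), "not a string"))
            continue
        key = entry.split("=", 1)[0]
        if "*" in key:
            findings.append((entry, "glob character in variable name"))
        elif "=" not in entry:
            findings.append((entry, "bare name without '=' (may be read as inherit-from-host)"))
        elif not _ENV_OK.match(entry):
            findings.append((entry, "key is not a valid identifier"))
    return findings


def audit_config_json(raw: str) -> list:
    """Parse a serialized image config and audit its Env list."""
    return suspicious_env_entries(json.loads(raw))


# Constructed sample config (not a real image): two valid entries, four odd ones.
SAMPLE_CONFIG = json.dumps({
    "architecture": "amd64",
    "config": {"Env": [
        "PATH=/usr/local/sbin:/usr/local/bin:/usr/bin",
        "APP_MODE=prod",
        "CI_DEPLOY_TOKEN",
        "GITHUB_*",
        "*",
        "1BAD=key",
    ]},
})

if __name__ == "__main__":
    for entry, reason in audit_config_json(SAMPLE_CONFIG):
        print(f"FLAG {entry!r}: {reason}")
```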
Notable New Features
AMD GPU Support
The --gpus flag now supports AMD GPUs alongside NVIDIA. With the growth of ROCm and local AI model inference, this removes the NVIDIA lock-in for containerized AI workloads. A single container image can now target both GPU vendors.
Quadlet Gets a Major Upgrade
Quadlet, Podman's tool for generating systemd units from container definitions, received a substantial overhaul. Here's what that means for you:
- REST API for managing Quadlets: automate container deployment via API instead of SSH-ing into machines to edit files
- `.volume` units gain `UID=`, `GID=`, and `Options=` keys: precise volume permission control, avoiding the classic "permission denied" when containers run as non-root users
- New search paths make it easier for distributions to package Quadlets: expect pre-built Quadlet files for popular services in your distro's repo soon
- Quadlets and associated files now live in subdirectories instead of `.app` files: fewer bugs when removing Quadlets, easier manual management
Podman Machine Improvements
All podman machine commands now work with VMs from all providers. This solves a real friction point: you can have an Apple Hypervisor VM for local dev and a libkrun VM for production-like testing without constantly switching providers. The new podman machine os update command lets you update the VM OS in-place without recreating from scratch.
Better Docker Compatibility
- `podman volume prune` now matches Docker behavior: it only prunes anonymous volumes (avoiding accidental deletion of named volumes). Use `--all` to prune everything
- Network isolation enabled by default
- Label format output now uses `key=value` pairs instead of JSON maps
Podman Joins CNCF
A significant but understated change: Podman's Go import path has moved from github.com/containers/podman/v5 to go.podman.io/podman/v6, marking the project's official transition to a CNCF-owned GitHub organization. Why does this matter?
- Independent governance: Podman is no longer "Red Hat's project"; it gets its own technical steering committee and a more transparent roadmap
- Community ownership: major decisions no longer depend on a single company, reducing vendor lock-in risk
- Deeper ecosystem integration: being under CNCF makes integration with Kubernetes, Helm, and other cloud-native tools more natural
This signals Podman's ambition to become the standard container engine in the cloud-native ecosystem, not just "the Docker alternative."
What Developers Need to Do
- Before upgrading: verify cgroups v2 (`stat -fc %T /sys/fs/cgroup/` should print `cgroup2fs`). If not, upgrade the OS first
- iptables → nftables: ensure existing firewall rules have nftables equivalents
- CNI plugins: migrate to Netavark driver model
- BoltDB auto-migration: it's automatic, but back up the SQLite database after migration
- Rootless networking: Slirp4netns → Pasta. In most cases Pasta works out of the box with no extra configuration
- Update toolchain: Buildah 1.44, Skopeo 1.23, Netavark/Aardvark 2.0
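The checklist above can be turned into a pre-flight script. This is an added example, not Podman project tooling: it checks the cgroup filesystem type, the presence of `nft` and `pasta`, and the minimum Buildah/Skopeo/Netavark versions named in the post; the `--version` output parsing (first token starting with a digit) is an assumption about those tools' output format.

```python
"""Podman 6 pre-upgrade checks. Added example; version parsing is an assumption."""
import re
import shutil
import subprocess
import sys

# Minimum versions named in the post (Netavark/Aardvark minimum is 2.0.0).
MIN_VERSIONS = {"buildah": "1.44.0", "skopeo": "1.23.0", "netavark": "2.0.0"}


def version_tuple(v: str) -> tuple:
    """'v1.44.0-dev' -> (1, 44, 0); a non-numeric tail such as '-dev' is dropped."""
    parts = []
    for piece in v.lstrip("v").split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def version_ge(have: str, need: str) -> bool:
    """Compare dotted versions; missing trailing components count as zero."""
    a, b = version_tuple(have), version_tuple(need)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))


def cgroup_is_v2(fs_type: str) -> bool:
    """`stat -fc %T /sys/fs/cgroup/` prints cgroup2fs on a unified (v2) hierarchy."""
    return fs_type.strip() == "cgroup2fs"


def check_host() -> dict:
    """Run all checks on this machine; only meaningful on a Linux Podman host."""
    results = {}
    st = subprocess.run(["stat", "-fc", "%T", "/sys/fs/cgroup/"], capture_output=True, text=True)
    results["cgroups_v2"] = st.returncode == 0 and cgroup_is_v2(st.stdout)
    results["nft_present"] = shutil.which("nft") is not None      # nftables userspace
    results["pasta_present"] = shutil.which("pasta") is not None  # slirp4netns replacement
    for tool, need in MIN_VERSIONS.items():
        if shutil.which(tool) is None:
            results[tool] = False
            continue
        out = subprocess.run([tool, "--version"], capture_output=True, text=True).stdout
        token = next((t for t in out.split() if t[:1].isdigit()), "0")  # e.g. "1.44.0"
        results[tool] = version_ge(token, need)
    return results


if __name__ == "__main__":
    failed = [name for name, ok in check_host().items() if not ok]
    print("ready for Podman 6" if not failed else "fix first: " + ", ".join(failed))
    sys.exit(1 if failed else 0)
```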
Takeaways for Developers
- A single networking stack: CNI, iptables, and slirp4netns are fully removed, replaced by Netavark + nftables + Pasta
- CVE-2026-57231 patched: a flaw that let malicious container images leak host environment variables via malformed `Env` entries and the `*` wildcard
- Storage and OS support trimmed: BoltDB migrated to SQLite, cgroups v1 dropped, Intel Mac and Windows 10 no longer supported
- Notable new features: AMD GPU support, Quadlet gains a REST API, `podman machine` now works with any provider
- CNCF membership: Podman is no longer "Red Hat's project"; it now has independent governance and a more transparent roadmap
Podman 6.0 is the most aggressive cleanup in the project's history, and that's a good thing. Consolidating around a single networking stack simplifies maintenance, reduces the attack surface, and paves the way for future features.
The breaking changes may cause upgrade headaches, but the direction is clear. If you haven't tried Podman yet, this release is a great entry point. If you're already using it, test thoroughly in staging before rolling to production.
Content assisted by AI (Amy). Reviewed by the author.