Podman is RHEL 8’s native container runtime and ships as a first-class package, offering full Docker CLI compatibility without requiring a background daemon running as root. One of its most powerful features on RHEL 8 is socket activation: systemd opens the Podman socket on demand, meaning the container engine only consumes resources when something actually connects to it. This tutorial walks through enabling the Podman user socket, using the Docker-compatible endpoint from tools that speak the Docker API, generating systemd unit files from running containers with podman generate systemd, managing those units with systemctl --user, and keeping images up to date automatically with podman auto-update.
Prerequisites
- A RHEL 8 server with a non-root sudo user (rootless Podman is strongly preferred)
- Podman installed:
sudo dnf install podman podman-docker -y - Lingering enabled for your user account so user units survive logout:
sudo loginctl enable-linger $USER - systemd user instance running:
systemctl --user statusshould succeed - EPEL 8 repository enabled for optional utilities (
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm)
Step 1 — Enable the Podman User Socket
The Podman socket is activated by a systemd socket unit that ships with the podman package. Enabling it at the user level means no root privileges are required and the socket is scoped to your UID.
systemctl --user enable --now podman.socket
# Confirm the socket is listening
systemctl --user status podman.socket
# Inspect the socket path
ls -la /run/user/$(id -u)/podman/podman.sockStep 2 — Use the Docker-Compatible Endpoint
Any tool that speaks the Docker HTTP API — including the docker CLI provided by the podman-docker compatibility shim — can be redirected to the Podman socket by setting DOCKER_HOST.
export DOCKER_HOST=unix:///run/user/$(id -u)/podman/podman.sock
# Persist for all login sessions
echo "export DOCKER_HOST=unix:///run/user/$(id -u)/podman/podman.sock"
>> ~/.bashrc
# Test with docker CLI (provided by podman-docker)
docker ps
docker info | grep -E "^Server|^Operating"
# Pull and run a container through the socket
docker run --rm hello-worldStep 3 — Run a Container and Generate Its systemd Unit
Start a container interactively, then use podman generate systemd to produce a ready-made unit file. The --new flag makes the generated unit pull a fresh image and create a new container on each start rather than restarting a stopped container.
# Run the container you want to convert to a service
podman run -d --name mycontainer
-p 8080:80
--label "io.containers.autoupdate=registry"
docker.io/library/nginx:latest
# Generate the unit file
podman generate systemd --name mycontainer --new --files
# Writes container-mycontainer.service to the current directory
# Inspect the generated unit
cat container-mycontainer.serviceStep 4 — Install and Enable the User Service
Place the generated unit file in the standard systemd user unit directory, then enable and start it so the container launches automatically on login (or on boot if lingering is enabled).
mkdir -p ~/.config/systemd/user/
cp container-mycontainer.service ~/.config/systemd/user/
# Stop the manually-run container before letting systemd manage it
podman stop mycontainer
podman rm mycontainer
systemctl --user daemon-reload
systemctl --user enable --now container-mycontainer.service
systemctl --user status container-mycontainer.service
# Confirm the container is running under systemd management
podman psStep 5 — Automatic Image Updates with podman auto-update
The io.containers.autoupdate=registry label applied in Step 3 instructs Podman to check the remote registry for newer images. The podman auto-update command — which can be run as a systemd timer — pulls updated images and restarts affected containers in-place.
# Enable the built-in auto-update timer (runs daily)
systemctl --user enable --now podman-auto-update.timer
# Verify the timer is scheduled
systemctl --user list-timers podman-auto-update.timer
# Run a manual update check now
podman auto-update --dry-run
# Perform a live update (pulls new images, restarts containers)
podman auto-updateStep 6 — Verify Restart on Boot and Inspect Logs
With lingering enabled, the user systemd instance starts at boot before any interactive login. Verify the service recovers correctly after a system restart and use journalctl to inspect container logs.
# Simulate a reboot test without actually rebooting
systemctl --user stop container-mycontainer.service
systemctl --user start container-mycontainer.service
systemctl --user status container-mycontainer.service
# Stream container logs via the journal
journalctl --user -u container-mycontainer.service -f
# Verify lingering is still active after any config changes
loginctl show-user $USER | grep LingerConclusion
You have enabled the rootless Podman socket on RHEL 8, redirected Docker-compatible tooling to that socket via DOCKER_HOST, converted a running container into a systemd user service with podman generate systemd, enabled automatic daily image updates using the built-in podman-auto-update timer, and verified that the service recovers correctly after restart. This approach provides Docker-like ergonomics with full systemd integration and no root-privileged daemon.
Next steps: How to Use Podman Pods for Multi-Container Applications on RHEL 8, How to Build and Push Container Images with Buildah on RHEL 8, and How to Migrate Docker Compose Workflows to Podman Compose on RHEL 8.
