Chapter 5. Containers


The following chapter contains the most notable changes to containers between RHEL 9 and RHEL 10.

The system connections and farm information stored in the containers.conf file are now read-only

  • The system connections and farm information stored in the containers.conf file are now read-only. The system connections and farm information will now be stored in the podman.connections.json file, managed only by Podman. Podman continues to support the old configuration options such as [engine.service_destinations] and the [farms] section. You can still add connections or farms manually if needed; however, it is not possible to delete a connection from the containers.conf file with the podman system connection rm command.

The slirp4netns network mode is deprecated

  • The slirp4netns network mode is deprecated and will be removed in a future major release of RHEL. The pasta network mode is the default network mode for rootless containers.

The cgroups v1 for rootless containers is deprecated

  • The cgroups v1 for rootless containers is deprecated and will be removed in a future major release of RHEL. The cgroups v2 is used by default instead of cgroups v1.

The containernetworking-plugins package and the CNI network stack are no longer supported

  • The containernetworking-plugins package is removed, and the CNI network stack is no longer supported.

    • If you upgrade from the previous RHEL versions to RHEL 10.0 or if you have a fresh installation of RHEL 10.0, the CNI network backend is no longer available. Existing containers that use CNI for networking will no longer function and will need to be removed and recreated. Newly created containers will use the default netavark network backend.
    • If present, the cni value in the containers.conf file for the network_backend option must be changed to netavark or can be unset.

The runc container runtime has been removed

The runc container runtime is removed. The default container runtime is crun. If you upgrade from the previous RHEL versions to RHEL 10.0, you have to run the podman system migrate --new-runtime=crun command to set a new OCI runtime for all containers.

tzdata package is no longer installed by default in the minimal container images

The tzdata package is no longer installed in the registry.access.redhat.com/ubi10-minimal container image. As a consequence, if you migrate your minimal container builds from a previous RHEL release to RHEL 10.0, and you enter the microdnf reinstall tzdata command to reinstall the tzdata package, you get an error message because the tzdata package is no longer installed by default. In this case, enter the microdnf install tzdata command to install tzdata. Without the tzdata package, only the UTC timezone will be available.

composefs filesystem is available as a Technology Preview

The key technologies composefs uses are:

  • OverlayFS as the kernel interface
  • Enhanced Read-Only File System (EROFS) for a mountable metadata tree
  • The fs-verity feature (optional) from the lower filesystem

Key advantages of composefs:

  • Separation between metadata and data. composefs does not store any persistent data. The underlying metadata and data files are stored in a valid lower Linux filesystem such as ext4, xfs, and so on.
  • Mounting multiple composefs with a shared storage.
  • Data files are shared in the page cache to enable multiple container images to share their memory.
  • Support fs-verity validation of the content files.

Running RHEL 7 containers on a RHEL 10 host is not supported

Running RHEL 7 containers on a RHEL 10 host is not supported. For more information, see Red Hat Enterprise Linux Container Compatibility Matrix.

Changed location of the storage.conf file

Beginning with RHEL 10.0, the storage.conf configuration file is located in the /usr/share/containers directory instead of /etc/containers.

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat