Podman Rules
Daemonless container engine for building, running, and managing OCI containers. Rootless by default, Docker-compatible CLI.
3 rules
Container Image Standards for Podman
Beginner
Enforce container image best practices — Containerfile naming, multi-stage builds, non-root users, pinned versions, and registry configuration for Podman workflows.
globs: **/Containerfile, **/Dockerfile, **/.containerignore
containerfile, image-best-practices, multi-stage-build, non-root
Quadlet File Standards
Intermediate
Enforce standards for Podman Quadlet unit files — naming conventions, required directives, health checks, restart policies, and file placement for rootless and rootful services.
globs: **/*.container, **/*.pod, **/*.volume, **/*.network, **/*.kube
quadlet-standards, systemd-units, health-checks, service-management
Rootless-First Container Policy
Beginner
Enforce rootless Podman as the default execution mode — require justification for root containers, mandate user namespace isolation, and prohibit unnecessary privilege escalation.
globs: **/Containerfile, **/Dockerfile, **/*compose*.yml, **/*compose*.yaml, **/containers/systemd/*.container
rootless-policy, container-security, privilege-restriction, podman-best-practices