Exercise: OCI Application Container with Podman

Running Your First Rootless Container

A hands-on exercise to run a simple, rootless OCI-compliant container using the Podman command-line tool, demonstrating the basics of application containerization.
Author

Chuck Nelson

Published

November 16, 2025

1 Purpose

This exercise introduces you to the basics of running an OCI-compliant application container using Podman, the default container engine on modern Fedora systems. You will run a simple “hello-world” container and then a more practical web server container, all without requiring root privileges. This demonstrates the power and security benefits of modern, rootless container workflows.

2 What You’ll Accomplish

By the end of this exercise, you will be able to:

  • Use the podman run command to execute a container from an image.
  • Explain the purpose of the --rm, -it, and -p flags.
  • Run a containerized web server and access it from your host machine.
  • Use podman ps to view running containers.

This exercise maps to the following program and course learning outcomes:

  • Course Learning Outcomes (CLOs):
    • 1. Identify hardware and basic network components: This exercise introduces containers, a modern method of virtualizing and deploying software components.

This exercise develops the following skills, which align with the O*NET SOC Code 15-1232.00 for Computer User Support Specialists.

Learning Objective O*NET KSAs Technologies Used
Run a rootless OCI application container. Knowledge: Computers & Electronics
Skills: None		 Podman, OCI
Explain basic podman run command options. Knowledge: Computers & Electronics
Skills: Reading Comprehension		 podman run

3 Prerequisites

This exercise requires a running Fedora 42 virtual machine with internet access. Podman is installed by default on Fedora Workstation.

4 Step-by-Step Guide

Open a terminal window in your Fedora VM to begin.

4.1 Step 1: Run the “Hello World” Container

The hello-world image is a tiny container designed to test that your container engine is working correctly.

  1. Run the following command. Note that sudo is not required.

    podman run --rm -it hello-world

  2. Analyze the Command and Output:

    • podman run: The basic command to run a container. Podman will first check if you have the hello-world image locally. If not, it will automatically download it from a container registry.
    • --rm: This flag tells Podman to automatically remove the container after it exits. This is useful for keeping your system clean during tests.
    • -it: A combination of -i (interactive) and -t (pseudo-TTY), which allows you to interact with the container.
    • The output will be a message from the container explaining that your installation appears to be working correctly.

4.2 Step 2: Run a Web Server Container

Now let’s run a more useful container: the official Apache HTTPD web server.

  1. Run the following command:

    podman run -d --rm -p 8080:80 docker.io/library/httpd

  2. Analyze the Command:

    • -d: This flag runs the container in “detached” mode (in the background) and prints the new container’s ID.
    • -p 8080:80: This is the port mapping flag. It maps port 8080 on your Fedora host to port 80 inside the container. This allows you to access the web server running inside the container.

4.3 Step 3: View the Running Container

You can see a list of your running containers with the podman ps command.

  1. Run the command:

    podman ps

  2. You will see your httpd container listed, along with its ID, the image it’s from, and the port mapping.

4.4 Step 4: Access the Web Server

Because you mapped port 8080, you can now access the web server from your Fedora VM’s browser.

  1. Open the Firefox browser in your VM.
  2. Navigate to the address: http://localhost:8080
  3. You should see a simple page with the text: “It works!”. This page is being served by the Apache server running inside your container.

4.5 Step 5: Stop the Container

  1. Find your container’s ID or name from the podman ps command.

  2. Use the podman stop command to stop it.

    # Replace with your container's ID or name
podman stop <container_id>

    Because you used the --rm flag when you started it, Podman will automatically remove the stopped container. Running podman ps again will show an empty list.

5 Reflect and Review

ImportantReflection: 3-2-1

Now that you have completed this exercise, reflect on your experience in your Microsoft Teams Student Notebook:

  • 3 podman subcommands you used (e.g., run, ps, stop).
  • 2 command-line flags you learned about.
  • 1 question you still have about rootless containers.
TipCheck on Learning

Answer these questions in your notebook to solidify your understanding:

  1. What is the benefit of running Podman commands without sudo?
  2. What does the -p 8080:80 flag do in a podman run command?
  3. What command would you use to see a list of your currently running containers?
  4. What does the --rm flag accomplish?
Back to top