Migrate From Docker to Podman - User Guide - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander User Guide

Creation date
Last date published
User Guide

Switch from Docker to Podman when installing an engine for RHEL 8 or later.

Although Podman is set up automatically in an engine installation, it is possible to migrate from Docker to Podman in an existing engine.


  • This procedure is intended for RHEL 8 or later. It may not work for other operating system types.

  • Do not use NAS storage for the $HOME directory. The directory needs to be a local directory for Podman to work.

  1. Install Podman with related packages by typing the following commands:

    • sudo yum -y install slirp4netns fuse-overlayfs

    • sudo yum -y module install container-tools

  2. Run the following commands:

    • sudo touch /etc/subuid /etc/subgid

    • sudo mkdir -p /home/demisto

    • sudo chown demisto:demisto /home/demisto

  3. Configure the unqualified-search-registries used by Podman.

    Podman by default uses the fedoraproject.org, redhat.com, centos.org, and docker.io unqualified search registries. Since Cortex XSOAR images use only the docker.io registry, you can speed up download times for container images by setting unqualified-search-registries to just docker.io.

    1. Create or edit the /home/demisto/.config/containers/registries.conf file.

    2. In the file, set unqualified-search-registries = ["docker.io"].


    If you edit the file with the root user, make sure to set the demisto user as file owner by running chown demisto:demisto /home/demisto/.config/containers/registries.conf.

  4. Change the subuids and subgids:

    sudo usermod --add-subuids 200000-265535 --add-subgids 200000-265535 demisto

  5. Migrate existing containers to Podman:

    sudo sh -c "podman system migrate"

  6. Set the net.ipv4.ping-group-range, by typing the following commands:

    • sudo sh -c "echo 'net.ipv4.ping_group_range=0 2000000' > /etc/sysctl.d/demisto-ping.conf"

    • sudo sysctl -w "net.ipv4.ping_group_range=0 2000000"

  7. As root user, edit the /usr/local/demisto/d1.conf file

  8. Change the "container.engine.type": "docker" to "podman".

    If this line does not exist, add the following line to the file:

    "container.engine.type": "podman"

     "Server": {
                    "HttpsPort": "443",
                    "ProxyMode": true
            "container": {
                                    "engine": {
                                            "type": "podman"
            "db": {
                    "index": {
                            "entry": {
                                    "disable": true
  9. Restart the service:

    sudo systemctl restart d1