Applies to SUSE Linux Enterprise Server 15 SP2

11 Buildah Overview

Buildah is a tool for building OCI-compliant container images. It can handle the following tasks:

  • Create containers from scratch, or from an existing image.

  • Create an image from a working container or via Dockerfile.

  • Build images in the OCI or Docker Open Source Engine image formats.

  • Mount a working container's root filesystem for manipulation.

  • Use the updated contents of a container's root filesystem as a filesystem layer to create a new image.

  • Delete a working container or an image and rename a local container.

Compared to Docker Open Source Engine, Buildah has several advantages.

  • The tool makes it possible to mount a working container's filesystem, so it becomes accessible by the host.

  • The process of building container images using Buildah can be automated via scripts by using Buildah's subcommands instead of a Containerfile or Dockerfile.

  • Similar to Podman, Buildah does not require a daemon to run and can be used by unprivileged users.

  • It is possible to build images inside a container without mounting the Docker socket, which improves security.

11.1 Podman and Buildah

Both Podman and Buildah can be used to build container images. While Podman makes it possible to build images using Dockerfiles, Buildah offers an expanded range of image building options and capabilities.

11.2 Buildah Installation

To install Buildah, run the command sudo zypper in buildah. To check whether Buildah has been installed successfully, run buildah --version.

If you already have Podman installed and set up for use in the rootless mode, Buildah can be used in an unprivileged environment without any further configuration. If you need to enable the rootless mode for Buildah, run the following command:

tux > sudo usermod --add-subuids 200000-201000 --add-subgids 200000-201000 $USER

This command enables the rootless mode for the current user. After running the command, log out and log in again for the changes to take effect.

The command above defines a range of local uids on the host onto which the uids allocated to users inside the container are mapped. Note that the ranges defined for different users must not overlap. It is also important that the ranges do not reuse the uid of any existing local users or groups. By default, adding a user with the useradd command on SLES 15 automatically allocates subuid and subgid ranges.
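The two rules above (no overlap between users, no reuse of existing local IDs) can be checked mechanically before rootless mode is enabled. The following script is an added example, not part of the SUSE documentation; the function names, the users wilber, geeko and svc, and the sample files are constructed for illustration.

```shell
# Print each pair of different users whose ranges intersect; return 1 if any.
# $1: file in /etc/subuid format (name:start:count).
subid_overlaps() {
    awk -F: 'NF == 3 && $1 !~ /^#/ {
            n++; name[n] = $1; lo[n] = $2 + 0; hi[n] = $2 + $3 - 1
        }
        END {
            for (i = 1; i <= n; i++)
                for (j = i + 1; j <= n; j++)
                    if (name[i] != name[j] && lo[i] <= hi[j] && lo[j] <= hi[i]) {
                        printf "overlap: %s[%d-%d] %s[%d-%d]\n",
                            name[i], lo[i], hi[i], name[j], lo[j], hi[j]
                        bad = 1
                    }
            exit bad + 0
        }' "$1"
}

# Print each range containing the ID of an existing account; return 1 if any.
# $1: subuid/subgid-format file, $2: passwd/group-format file (ID in field 3).
subid_hits_local_ids() {
    awk -F: 'NR == FNR { if (NF >= 3) id[$1] = $3 + 0; next }
        NF == 3 && $1 !~ /^#/ {
            for (u in id)
                if (id[u] >= $2 + 0 && id[u] < $2 + $3) {
                    printf "collision: %s range %d-%d contains %s (%d)\n",
                        $1, $2, $2 + $3 - 1, u, id[u]
                    bad = 1
                }
        }
        END { exit bad + 0 }' "$2" "$1"
}

# Constructed sample data, not taken from a real system.
sample_dir=$(mktemp -d)
cat > "$sample_dir/subuid" <<'EOF'
tux:200000:1001
wilber:200500:1001
geeko:300000:65536
EOF
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
tux:x:1000:100:Tux:/home/tux:/bin/bash
svc:x:300010:100:Service:/home/svc:/bin/false
EOF

subid_overlaps "$sample_dir/subuid" || echo "overlapping ranges found"
subid_hits_local_ids "$sample_dir/subuid" "$sample_dir/passwd" || echo "range reuses a local ID"
```

On a real host, pass /etc/subuid with /etc/passwd, and /etc/subgid with /etc/group.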

Note: Buildah in rootless mode

In the rootless mode, Buildah commands must be executed in a modified user namespace of the user. To enter this user namespace, run the command buildah unshare. Otherwise, the buildah mount command will fail.

11.3 Building Images with Buildah

Instead of a special file with instructions, Buildah uses individual commands to build an image. Building an image with Buildah involves several steps: run a container based on the specified image, edit the container (install packages, configure settings, etc.), configure container options, and commit all changes into a new image. While this process may include additional steps, such as mounting the container's filesystem and working with it, the basic workflow logic remains the same.

The following example can give you a general idea of how to build an image with Buildah.

Example 11.1: Build image example
container=$(buildah from suse/sle15)                      # (1)
buildah run $container zypper up                          # (2)
buildah copy $container . /usr/src/example/               # (3)
buildah config --workingdir /usr/src/example $container
buildah config --port 8000 $container
buildah config --cmd "php -S" $container                  # (4)
buildah config --label maintainer="Tux" $container
buildah config --label version="0.1" $container           # (5)
buildah commit $container example                         # (6)
buildah rm $container                                     # (7)

(1) Run a container (also called a working container) based on the specified image (in this case, sle15).

(2) Run a command in the working container you just created. In this example, Buildah runs the zypper up command.

(3) Copy files and directories to the specified location in the container. In this example, Buildah copies the entire contents of the current directory to /usr/src/example/.

(4) The buildah config commands specify container options. This includes defining a working directory, exposing a port, and running a command inside the container.

(5) The buildah config --label command allows you to assign labels to the container. This may include the maintainer, description, version, and so on.

(6) Create an image from the working container by committing all the modifications.

(7) Delete the working container.
