In versions of podman prior to 4.0, the pause container was fetched from an online registry. The default containers.conf file (which installed in /usr/share/containers/) provided by the containers-common package overrides the infra_image option to use the image "registry.access.redhat.com/ubi8/pause" instead of the upstream podman default "k8s.gcr.io/pause:3.4.1".

However, in podman 4.0 a pause image is built locally so that there is no need for Internet access to create a pod. RHCOS has included podman 4.0.2 since at least 4.11, but the old config file is still used in both 4.11 and 4.12. This means that Internet access is still required to create a pod, even though podman could provide everything we need locally. It may also be the case that other intended changes in the config for 4.0 are missing. Certainly the comments documenting the infra_image option are also out of date.

The correct 4.0 config appears in the RHEL 8.6 (fixed in 2:1-21) and RHEL 9 (fixed in 2:1-27) branches of containers-common; it appears to be only RHCOS that is not up to date.