diff --git a/rip_docker/README.md b/rip_docker/README.md
index 2b5aac0..ddcb358 100644
--- a/rip_docker/README.md
+++ b/rip_docker/README.md
@@ -6,9 +6,16 @@ You need vagrant: `brew install vagrant`
 ```sh
 vagrant up
-vagrant ssh -- /vagrant/build-iso.sh
+vagrant ssh -- /vagrant/build-iso.sh
+vagrant destroy
 ```
+This takes awhile to run. It:
+
+- Builds a new `dangerzone-converter` docker image
+- Builds an ISO, which includes a copy of this image
+- Outputs the ISO, as well as vmlinuz and initramfs files, in the `vm` folder
+
 ## Run the VM
 ```sh
diff --git a/rip_docker/Vagrantfile b/rip_docker/Vagrantfile
index cef17a3..194b33c 100644
--- a/rip_docker/Vagrantfile
+++ b/rip_docker/Vagrantfile
@@ -6,9 +6,15 @@ Vagrant.configure("2") do |config|
 config.vm.synced_folder "../../dangerzone-converter", "/opt/dangerzone-converter"
 config.vm.synced_folder ".", "/vagrant"
 config.vm.provision "shell", inline: <<-SHELL
+ sed -i 's/3.13/3.14/' /etc/apk/repositories
 apk update
 apk add alpine-sdk build-base apk-tools alpine-conf busybox fakeroot syslinux xorriso squashfs-tools sudo
 apk add mtools dosfstools grub-efi
- apk add p7zip
+ apk add podman p7zip
+ echo "user:100000:65536" >> /etc/subuid
+ echo "user:100000:65536" >> /etc/subgid
+ adduser user -D -G abuild
+ echo "%abuild ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/abuild
+ sudo -u user abuild-keygen -i -a -n
 SHELL
 end
diff --git a/rip_docker/build-iso.sh b/rip_docker/build-iso.sh
index 914fd25..984ed89 100755
--- a/rip_docker/build-iso.sh
+++ b/rip_docker/build-iso.sh
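Review bot: The provisioning lines added after `apk add podman p7zip` are not idempotent, so a second `vagrant provision` appends duplicate `user:100000:65536` entries to /etc/subuid and /etc/subgid and `adduser user` fails because the account already exists. Guard each step on its current state, e.g. `grep -q '^user:' /etc/subuid || echo "user:100000:65536" >> /etc/subuid` (likewise for /etc/subgid) and `id user >/dev/null 2>&1 || adduser user -D -G abuild`. The sudoers drop-in is created with the shell's default umask; adding `chmod 0440 /etc/sudoers.d/abuild` after the echo gives it the conventional mode for that directory. The genapkovl hunk pins the same account to `-u 1001` in the target VM while this provisioner lets adduser choose the UID; if the intent is for the copied container storage to keep matching ownership, pinning it here too would make that explicit (inferred from the two hunks, not stated on the page). The enclosing `Vagrant.configure` block starts before the hunk.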
@@ -1,21 +1,24 @@
 #!/bin/sh
-cd ~/
+# Set up podman
+sudo modprobe fuse
+sudo modprobe tun
+sudo rc-update add cgroups
+sudo rc-service cgroups start
+sudo -u user podman system prune -a -f
-# Add build user
-sudo adduser build -D -G abuild
-sudo sh -c 'echo "%abuild ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/abuild'
-
-# Create signing keys
-sudo -u build abuild-keygen -i -a -n
+# Build the podman container
+cd /opt/dangerzone-converter
+sudo -u user podman build . --tag dangerzone
 # Setup aports
-if [ -d aports ]; then
+cd ~/
+if [ -d ~/aports ]; then
 echo "already downloaded"
 else
 wget https://gitlab.alpinelinux.org/alpine/aports/-/archive/master/aports-master.tar.gz
- tar -xf aports-master.tar.gz
- mv aports-master aports
+ tar -xf ~/aports-master.tar.gz
+ mv ~/aports-master ~/aports
 fi
 cp /vagrant/mkimg.dangerzone.sh ~/aports/scripts/
 cp /vagrant/genapkovl-dangerzone.sh ~/aports/scripts/
@@ -29,7 +32,7 @@ chmod 777 /vagrant/vm
 # Make the iso
 cd ~/aports/scripts
-sudo -u build sh mkimage.sh --tag v3.14 \
+sudo -u user sh mkimage.sh --tag v3.14 \
 --outdir /vagrant/vm \
 --arch x86_64 \
 --repository http://dl-cdn.alpinelinux.org/alpine/v3.14/main \
@@ -37,7 +40,6 @@ sudo -u build sh mkimage.sh --tag v3.14 \
 --profile dangerzone
 # Fix permissions
-chown -R vagrant:vangrant /vagrant/vm
 chmod 755 /vagrant/vm
 chmod 644 /vagrant/vm/*
diff --git a/rip_docker/genapkovl-dangerzone.sh b/rip_docker/genapkovl-dangerzone.sh
index 56ed20d..e8dc12e 100644
--- a/rip_docker/genapkovl-dangerzone.sh
+++ b/rip_docker/genapkovl-dangerzone.sh
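Review bot: Nothing in the new podman block checks for failure and the script has no `set -e`, so if `podman build` fails (or `cd /opt/dangerzone-converter` does, when the synced folder is absent) the script carries on and mkimage.sh still produces an ISO — and since `podman system prune -a -f` has just emptied the store, that ISO would most likely ship with no converter image at all. Adding `set -eu` directly under `#!/bin/sh` (both options are POSIX sh) stops every later step, including the aports download and mkimage.sh, on the first error; the minimal alternative is `|| exit 1` on the `cd` and `podman build` lines. The same hunk keeps fetching the aports build scripts from the unpinned `master` archive with no checksum, so the ISO's build tooling can change silently between runs; pinning a tag or commit would make builds reproducible. The script is a flat file whose remaining lines continue past the first hunk.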
@@ -71,15 +71,27 @@ start_pre() {
 /sbin/setup-alpine -f /etc/answers.txt -e -q
 # Create user, give the dangerzone-vm-key ssh access
- /usr/sbin/adduser -D user
+ /usr/sbin/adduser -D -u 1001 user
 mkdir -p /home/user/.ssh
 echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmxIw2etg2IxY77GOFe/6tuMH/K5c1gsz3qPY/s7rZF dangerzone-vm-key" > /home/user/.ssh/authorized_keys
 chown -R user:user /home/user/.ssh
 chmod 700 /home/user/.ssh
 chmod 600 /home/user/.ssh/authorized_keys
+
+ # Move containers into home dir
+ mkdir -p /home/user/.local/share
+ mv /etc/container-data /home/user/.local/share/containers
+ chown -R user:user /home/user/.local
+
+ # Allow podman containers to run
+ echo "user:100000:65536" >> /etc/subuid
+ echo "user:100000:65536" >> /etc/subgid
 }
 EOF
+# Add the containers to /etc/container-data, temporarily
+cp -r /home/user/.local/share/containers "$tmp"/etc/container-data
+
 # Start cgroups, required by podman
 rc_add cgroups boot
diff --git a/rip_docker/mkimg.dangerzone.sh b/rip_docker/mkimg.dangerzone.sh
index 2da2899..2ff10b5 100644
--- a/rip_docker/mkimg.dangerzone.sh
+++ b/rip_docker/mkimg.dangerzone.sh
@@ -2,7 +2,7 @@ profile_dangerzone() {
 profile_standard
 profile_abbrev="dangerzone"
 title="Dangerzone"
- desc="Copied from virt but with extra apks"
+ desc="Copied from virt but with extra apks and an apkovl"
 arch="aarch64 armv7 x86 x86_64"
 kernel_addons=
 kernel_flavors="virt"
diff --git a/rip_docker/run-vm.sh b/rip_docker/run-vm.sh
index aaff2ba..860beff 100755
--- a/rip_docker/run-vm.sh
+++ b/rip_docker/run-vm.sh
@@ -12,7 +12,7 @@ trap 'test -f $PIDFILE && kill `cat $PIDFILE` && rm $PIDFILE' EXIT
 $HYPERKIT \
 -A -u \
- -m 2G \
+ -m 4G \
 -c 2 \
 -s 0:0,hostbridge -s 31,lpc \
 -l com1,stdio \
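Review bot: The added `cp -r /home/user/.local/share/containers "$tmp"/etc/container-data` copies raw rootless podman storage without `-p`/`-a`, so ownership and modes inside the image layers are not preserved, and layer files belonging to subordinate UIDs from the `user:100000:65536` range are likely unreadable to the build user outside `podman unshare` (mkimage.sh is run with `sudo -u user` in the build-iso.sh hunk, so genapkovl presumably runs as that user). The first-boot `chown -R user:user /home/user/.local` then flattens whatever did get copied, so every file in every layer ends up owned by `user`, which maps to root inside the container. A handoff that does not depend on storage layout or UID numbering is to export the image once in the builder, e.g. `sudo -u user podman save -o "$tmp"/etc/<image-tarball> dangerzone` (placeholder path), and in `start_pre` import it as the user with `su user -c 'podman load -i /etc/<image-tarball>'` after the subuid/subgid lines have been written; if the raw copy is kept, at least run it as `podman unshare cp -a` and drop the blanket chown. The `start_pre` body is complete within the hunk, but the rest of the genapkovl script, including whatever guards it against re-running, lies outside it.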