diff --git a/podman.spec b/podman.spec
index 312a08d..56210b5 100644
--- a/podman.spec
+++ b/podman.spec
@@ -1,109 +1,24 @@
 %define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/generic-hardened-ld '" -a -v -x %{?**};
 
 Name:          podman
-Version:       4.5.1
-Release:       2
-Summary:       A daemonless container engine for managing Containers
+Version:       4.9.3
+Release:       1
+Summary:       A tool for managing OCI containers and pods.
 Epoch:         1
 License:       Apache-2.0 and MIT
 URL:           https://podman.io/
-Source0:       https://github.com/containers/podman/archive/refs/tags/v4.5.1.tar.gz
+Source0:       https://github.com/containers/podman/archive/refs/tags/v%{version}.tar.gz
 Source1:       https://github.com/containers/dnsname/archive/18822f9a4fb35d1349eb256f4cd2bfd372474d84/dnsname-18822f9.tar.gz
-Source2:       https://github.com/containers/podman-machine-cni/archive/0749884b8d1a455c68da30789e37811ec0809d51/podman-machine-cni-0749884.tar.gz
-Source3:       https://github.com/containers/gvisor-tap-vsock/archive/refs/tags/v0.7.1.tar.gz
-Source4:       https://github.com/cpuguy83/go-md2man/archive/refs/tags/v2.0.2.tar.gz
+Source2:       https://github.com/containers/gvisor-tap-vsock/archive/refs/tags/v0.7.1.tar.gz
+Source3:       https://github.com/cpuguy83/go-md2man/archive/refs/tags/v2.0.3.tar.gz
 
 BuildRequires: gcc golang btrfs-progs-devel glib2-devel glibc-devel glibc-static
-BuildRequires: gpgme-devel libassuan-devel libgpg-error-devel libseccomp-devel
-BuildRequires: libselinux-devel ostree-devel pkgconfig make git systemd systemd-devel shadow-subid-devel
-Requires:      crun containers-common containernetworking-plugins >= 0.7.3-2 iptables nftables conmon
-Requires:      (container-selinux if selinux-policy) catatonit
-Recommends:    %{name}-plugins = %{epoch}:%{version}-%{release}
-Recommends:    slirp4netns
-
-Provides: %{name}-quadlet
-Provides: %{name}-quadlet = %{epoch}:%{version}-%{release}
-Provides: bundled(golang(github.com/BurntSushi/toml))
-Provides: bundled(golang(github.com/blang/semver/v4))
-Provides: bundled(golang(github.com/buger/goterm))
-Provides: bundled(golang(github.com/checkpoint-restore/checkpointctl/lib))
-Provides: bundled(golang(github.com/checkpoint-restore/go-criu/v6))
-Provides: bundled(golang(github.com/container-orchestrated-devices/container-device-interface/pkg/cdi))
-Provides: bundled(golang(github.com/containernetworking/cni))
-Provides: bundled(golang(github.com/containernetworking/plugins))
-Provides: bundled(golang(github.com/containers/buildah))
-Provides: bundled(golang(github.com/containers/common/libimage))
-Provides: bundled(golang(github.com/containers/common/libnetwork))
-Provides: bundled(golang(github.com/containers/common/pkg))
-Provides: bundled(golang(github.com/containers/conmon/runner/config))
-Provides: bundled(golang(github.com/containers/image/v5))
-Provides: bundled(golang(github.com/containers/ocicrypt/config))
-Provides: bundled(golang(github.com/containers/ocicrypt/helpers))
-Provides: bundled(golang(github.com/containers/psgo))
-Provides: bundled(golang(github.com/containers/storage))
-Provides: bundled(golang(github.com/coreos/go-systemd/v22))
-Provides: bundled(golang(github.com/coreos/stream-metadata-go))
-Provides: bundled(golang(github.com/cyphar/filepath-securejoin))
-Provides: bundled(golang(github.com/digitalocean/go-qemu/qmp))
-Provides: bundled(golang(github.com/docker/docker/api/types))
-Provides: bundled(golang(github.com/docker/docker/pkg/homedir))
-Provides: bundled(golang(github.com/docker/docker/pkg/jsonmessage))
-Provides: bundled(golang(github.com/docker/docker/pkg/namesgenerator))
-Provides: bundled(golang(github.com/docker/docker/pkg/parsers))
-Provides: bundled(golang(github.com/docker/docker/pkg/system))
-Provides: bundled(golang(github.com/docker/distribution))
-Provides: bundled(golang(github.com/docker/go-connections))
-Provides: bundled(golang(github.com/docker/go-plugins-helpers/sdk))
-Provides: bundled(golang(github.com/docker/go-plugins-helpers/volume))
-Provides: bundled(golang(github.com/docker/go-units))
-Provides: bundled(golang(github.com/fsnotify/fsnotify))
-Provides: bundled(golang(github.com/godbus/dbus/v5))
-Provides: bundled(golang(github.com/google/gofuzz))
-Provides: bundled(golang(github.com/google/shlex))
-Provides: bundled(golang(github.com/google/uuid))
-Provides: bundled(golang(github.com/gorilla/handlers))
-Provides: bundled(golang(github.com/gorilla/mux))
-Provides: bundled(golang(github.com/gorilla/schema))
-Provides: bundled(golang(github.com/hashicorp/go-multierror))
-Provides: bundled(golang(github.com/json-iterator/go))
-Provides: bundled(golang(github.com/mattn/go-sqlite3))
-Provides: bundled(golang(github.com/moby/term))
-Provides: bundled(golang(github.com/nxadm/tail))
-Provides: bundled(golang(github.com/nxadm/tail/watch))
-Provides: bundled(golang(github.com/onsi/ginkgo))
-Provides: bundled(golang(github.com/onsi/gomega))
-Provides: bundled(golang(github.com/opencontainers/go-digest))
-Provides: bundled(golang(github.com/opencontainers/image-spec/specs-go/v1))
-Provides: bundled(golang(github.com/opencontainers/runc/libcontainer/cgroups))
-Provides: bundled(golang(github.com/opencontainers/runc/libcontainer/configs))
-Provides: bundled(golang(github.com/opencontainers/runc/libcontainer/devices))
-Provides: bundled(golang(github.com/opencontainers/runc/libcontainer/user))
-Provides: bundled(golang(github.com/opencontainers/runtime-spec/specs-go))
-Provides: bundled(golang(github.com/opencontainers/runtime-tools/generate))
-Provides: bundled(golang(github.com/opencontainers/runtime-tools/validate/capabilities))
-Provides: bundled(golang(github.com/opencontainers/selinux/go-selinux))
-Provides: bundled(golang(github.com/opencontainers/selinux/go-selinux/label))
-Provides: bundled(golang(github.com/openshift/imagebuilder))
-Provides: bundled(golang(github.com/rootless-containers/rootlesskit/pkg/port))
-Provides: bundled(golang(github.com/rootless-containers/rootlesskit/pkg/port/builtin))
-Provides: bundled(golang(github.com/rootless-containers/rootlesskit/pkg/port/portutil))
-Provides: bundled(golang(github.com/sirupsen/logrus))
-Provides: bundled(golang(github.com/spf13/cobra))
-Provides: bundled(golang(github.com/spf13/pflag))
-Provides: bundled(golang(github.com/syndtr/gocapability/capability))
-Provides: bundled(golang(github.com/ulikunitz/xz))
-Provides: bundled(golang(github.com/vbauerster/mpb/v8))
-Provides: bundled(golang(github.com/vbauerster/mpb/v8/decor))
-Provides: bundled(golang(github.com/vishvananda/netlink))
-Provides: bundled(golang(go.etcd.io/bbolt))
-Provides: bundled(golang(golang.org/x/net/proxy))
-Provides: bundled(golang(golang.org/x/sync/semaphore))
-Provides: bundled(golang(golang.org/x/sys/unix))
-Provides: bundled(golang(golang.org/x/term))
-Provides: bundled(golang(google.golang.org/protobuf/proto))
-Provides: bundled(golang(gopkg.in/inf.v0))
-Provides: bundled(golang(gopkg.in/yaml.v3))
-Provides: bundled(golang(sigs.k8s.io/yaml))
+BuildRequires: gpgme-devel libassuan-devel libgpg-error-devel libseccomp-devel libselinux-devel
+BuildRequires: ostree-devel pkgconfig make git-core systemd systemd-devel shadow-subid-devel man-db
+Requires:      crun containers-common iptables nftables conmon container-selinux catatonit
+Provides:      %{name}-quadlet
+Obsoletes:     %{name}-quadlet <= 5:4.4.0-1
+Provides:      %{name}-quadlet = %{epoch}:%{version}-%{release}
 
 %description
 Podman manages the entire container ecosystem which includes pods,
@@ -118,9 +33,6 @@ Conflicts:      docker docker-latest docker-ce docker-ee moby-engine
 %description docker
 This package installs a script named docker, which emulates the Docker CLI through podman command.
 
-%package remote
-Summary: (Experimental) Remote client for managing %{name} containers
-
 %package tests
 Summary: Tests for %{name}
 
@@ -140,6 +52,9 @@ Requires: gnupg
 
 This package contains system tests for %{name}
 
+%package remote
+Summary: (Experimental) Remote client for managing %{name} containers
+
 %description remote
 Remote client for managing %{name} containers.
 
@@ -179,15 +94,28 @@ Conflicts:      docker docker-latest docker-ce docker-ee moby-engine
 %description help
 Help document for the podman package
 
+%package -n %{name}sh
+Summary: Confined login and user shell using %{name}
+Requires: %{name} = %{epoch}:%{version}-%{release}
+Provides: %{name}-shell = %{epoch}:%{version}-%{release}
+Provides: %{name}-%{name}sh = %{epoch}:%{version}-%{release}
+
+%description -n %{name}sh
+%{name}sh provides a confined login and user shell with access to volumes and
+capabilities specified in user quadlets.
+
+It is a symlink to %{_bindir}/%{name} and execs into the `%{name}sh` container
+when `%{_bindir}/%{name}sh` is set as a login shell or set as os.Args[0].
+
 %prep
 %autosetup -Sgit -n %{name}-%{version}
+sed -i 's;@@PODMAN@@\;$(BINDIR);@@PODMAN@@\;%{_bindir};' Makefile
 # untar dnsname
 tar zxf %{SOURCE1}
-# untar %%{name}-machine-cni
-tar zxf %{SOURCE2}
 # untar %%{name}-gvproxy
+tar zxf %{SOURCE2}
+# untar go-md2man
 tar zxf %{SOURCE3}
-tar -xf %SOURCE4
 
 %build
 GO_MD2MAN_PATH="$(pwd)%{_bindir}"
@@ -199,45 +127,35 @@ export PATH=$GO_MD2MAN_PATH:$PATH
 cd -
 
 %set_build_flags
-export GO111MODULE=off
-export GOPATH=$(pwd)/_build:$(pwd)
+export GO111MODULE=on
 export CGO_CFLAGS=$CFLAGS
 export CGO_CFLAGS="$CGO_CFLAGS -Wno-unused-function"
-# These extra flags present in $CFLAGS have been skipped for now as they break the build
-CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-flto=auto//g')
-CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-Wp,D_GLIBCXX_ASSERTIONS//g')
-CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g')
 
 %ifarch x86_64
 export CGO_CFLAGS="$CGO_CFLAGS -m64 -mtune=generic -fcf-protection=full"
 %endif
 
-mkdir _build
-pushd _build
-mkdir -p src/github.com/containers
-ln -s ../../../../ src/github.com/containers/podman
-popd
-ln -s vendor src
-
-# build date. FIXME: Makefile uses '/v2/libpod', that doesn't work here?
-LDFLAGS="-X github.com/containers/podman/libpod/define.buildInfo=$(date +%s)"
+LDFLAGS="-X %{ld_libpod}/define.buildInfo=$(date +%s) \
+         -X %{ld_libpod}/config._installPrefix=%{_prefix} \
+         -X %{ld_libpod}/config._etcDir=%{_sysconfdir} \
+         -X %{ld_project}/pkg/systemd/quadlet._binDir=%{_bindir}"
 
 # build rootlessport first
-%gobuild -o bin/rootlessport github.com/containers/podman/cmd/rootlessport
+%gobuild -o bin/rootlessport ./cmd/rootlessport
 
 export BASEBUILDTAGS="seccomp exclude_graphdriver_devicemapper $(hack/systemd_tag.sh) $(hack/libsubid_tag.sh)"
 
 # build %%{name}
 export BUILDTAGS="$BASEBUILDTAGS $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh) $(hack/libdm_tag.sh)"
-%gobuild -o bin/%{name} github.com/containers/podman/cmd/%{name}
+%gobuild -o bin/%{name} ./cmd/%{name}
 
 # build %%{name}-remote
 export BUILDTAGS="$BASEBUILDTAGS exclude_graphdriver_btrfs btrfs_noversion remote"
-%gobuild -o bin/%{name}-remote github.com/containers/podman/cmd/%{name}
+%gobuild -o bin/%{name}-remote ./cmd/%{name}
 
 # build quadlet
 export BUILDTAGS="$BASEBUILDTAGS $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh)"
-%gobuild -o bin/quadlet github.com/containers/podman/cmd/quadlet
+%gobuild -o bin/quadlet ./cmd/quadlet
 
 pushd dnsname-18822f9a4fb35d1349eb256f4cd2bfd372474d84
 mkdir _build
@@ -251,18 +169,6 @@ export GOPATH=$(pwd)/_build:$(pwd)
 %gobuild -o bin/dnsname github.com/containers/dnsname/plugins/meta/dnsname
 popd
 
-pushd podman-machine-cni-0749884b8d1a455c68da30789e37811ec0809d51
-mkdir _build
-pushd _build
-mkdir -p src/github.com/containers
-ln -s ../../../../ src/github.com/containers/podman-machine-cni
-popd
-ln -s vendor src
-export GO111MODULE=off
-export GOPATH=$(pwd)/_build:$(pwd)
-%gobuild -o bin/%{name}-machine github.com/containers/podman-machine-cni/plugins/meta/%{name}-machine
-popd
-
 pushd gvisor-tap-vsock-0.7.1
 export GO111MODULE=on
 export GOFLAGS=-mod=vendor
@@ -274,29 +180,24 @@ popd
 make docs docker-docs
 
 %install
-PODMAN_VERSION=%{version} %{__make} PREFIX=%{buildroot}%{_prefix} ETCDIR=%{buildroot}%{_sysconfdir} \
-        install.bin install.man install.systemd install.completions install.docker install.docker-docs install.remote
+install -dp %{buildroot}%{_unitdir}
+PODMAN_VERSION=%{version} %{__make} PREFIX=%{buildroot}%{_prefix} ETCDIR=%{_sysconfdir} \
+        install.bin \
+        install.man \
+        install.systemd \
+        install.completions \
+        install.docker \
+        install.docker-docs \
+        install.remote \
+        install.modules-load
 
 sed -i 's;%{buildroot};;g' %{buildroot}%{_bindir}/docker
 
-for unit_file in %{buildroot}%{_unitdir}/*.service; do
-  sed -i 's;%{buildroot};;g' ${unit_file}
-done
-
-for user_unit_file in %{buildroot}%{_userunitdir}/*.service; do
-  sed -i 's;%{buildroot};;g' ${user_unit_file}
-done
-
 # install dnsname plugin
 pushd dnsname-18822f9a4fb35d1349eb256f4cd2bfd372474d84
 %{__make} PREFIX=%{_prefix} DESTDIR=%{buildroot} install
 popd
 
-# install machine-cni plugin
-pushd podman-machine-cni-0749884b8d1a455c68da30789e37811ec0809d51
-%{__make} PREFIX=%{_prefix} DESTDIR=%{buildroot} install
-popd
-
 # install gvproxy
 pushd gvisor-tap-vsock-0.7.1
 install -dp %{buildroot}%{_libexecdir}/%{name}
@@ -334,6 +235,7 @@ cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/
 %{_tmpfilesdir}/%{name}.conf
 %{_systemdgeneratordir}/%{name}-system-generator
 %{_systemdusergeneratordir}/%{name}-user-generator
+%{_modulesloaddir}/%{name}-iptables.conf
 
 %files docker
 %{_bindir}/docker
@@ -363,7 +265,6 @@ cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/
 %doc dnsname-18822f9a4fb35d1349eb256f4cd2bfd372474d84/{README.md,README_PODMAN.md}
 %dir %{_libexecdir}/cni
 %{_libexecdir}/cni/dnsname
-%{_libexecdir}/cni/podman-machine
 
 %files gvproxy
 %license gvisor-tap-vsock-0.7.1/LICENSE
@@ -372,7 +273,14 @@ cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/
 %{_libexecdir}/%{name}/gvproxy
 %{_libexecdir}/%{name}/gvforwarder
 
+%files -n %{name}sh
+%{_bindir}/%{name}sh
+
 %changelog
+* Sun Feb 25 2024 lijian <lijian2@kylinos.cn> 1:4.9.3-1
+- update to 4.9.3
+- delete plugin podman-machine-cni
+
 * Mon Feb 19 2024 lijian <lijian2@kylinos.cn> 1:4.5.1-2
 - Resolve compilation failure with issue I9248E
 
diff --git a/v2.0.2.tar.gz b/v2.0.2.tar.gz
deleted file mode 100644
index 31857bc..0000000
Binary files a/v2.0.2.tar.gz and /dev/null differ
diff --git a/v2.0.3.tar.gz b/v2.0.3.tar.gz
new file mode 100644
index 0000000..afd2d0c
Binary files /dev/null and b/v2.0.3.tar.gz differ
diff --git a/v4.5.1.tar.gz b/v4.9.3.tar.gz
similarity index 59%
rename from v4.5.1.tar.gz
rename to v4.9.3.tar.gz
index 9ba72df..6b8942f 100644
Binary files a/v4.5.1.tar.gz and b/v4.9.3.tar.gz differ