In rootless mode, Podman should use slirp4netns networking, where containers do not receive a real IP address.
However, when explicitly specifying --net podman, containers are observed to receive an IP address, which contradicts the expected behavior.
Without --net podman, containers behave correctly and do not have an IP assigned.
```
$ podman version
Client:       Podman Engine
Version:      5.2.2
API Version:  5.2.2
Go Version:   go1.23.6 (Red Hat 1.23.6-2.el9_5)
Built:        Mon Mar 17 08:03:54 2025
OS/Arch:      linux/amd64

$ podman run --name cont1 -d quay.io/redhattraining/hello-world-nginx
a7ab90668e3647acd918f564b2a05c2c85e0ad622457e5c2f50490fd8b902f1b

$ podman run --name cont2 --net podman -d quay.io/redhattraining/hello-world-nginx
a6476a4a690144944c5048ccb820f67229da1bb0f923d419dd418db89cd9de02

$ podman inspect cont1 | grep -i ipaddress
"IPAddress": "",

$ podman inspect cont2 | grep -i ipaddress
"IPAddress": "10.88.0.8",
"IPAddress": "10.88.0.8",
```
```
[
  {
    "name": "podman",
    "id": "2f259bab93aaaaa2542ba43ef33eb990d0999ee1b9924b557b7be53c0b7a1bb9",
    "driver": "bridge",
    "network_interface": "podman0",
    "created": "2025-04-28T04:44:52.844289258-05:00",
    "subnets": [
      {
        "subnet": "10.88.0.0/16",
        "gateway": "10.88.0.1"
      }
    ],
    "ipv6_enabled": false,
    "internal": false,
    "dns_enabled": false,
    "ipam_options": {
      "driver": "host-local"
    }
```
Expected Result: In both cases, the container should not have an IP address.
Actual Result: With --net podman, the container has an IP address.
Why this is a bug / needs clarification:
- Rootless containers should not join a real CNI bridge — slirp4netns is the enforced mode unless root privileges or special capabilities are available.
- Appending --net podman should not alter the expected network behavior if podman is slirp4netns-backed.
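
An added example, not part of the original report: a small audit helper that reads `podman inspect` JSON and lists, per container, the network mode and every network that holds an address, checking both the top-level `NetworkSettings.IPAddress` field and the per-network `NetworkSettings.Networks` map. The sample input is constructed to mirror the two containers above, and its `NetworkMode` values are assumptions.

```python
import json

# Constructed sample shaped like `podman inspect cont1 cont2`, trimmed to the
# fields read below. The NetworkMode values are assumed, not taken from the report.
SAMPLE_INSPECT = """
[
  {"Name": "cont1",
   "HostConfig": {"NetworkMode": "slirp4netns"},
   "NetworkSettings": {"IPAddress": "", "Networks": {}}},
  {"Name": "cont2",
   "HostConfig": {"NetworkMode": "bridge"},
   "NetworkSettings": {"IPAddress": "10.88.0.8",
                       "Networks": {"podman": {"IPAddress": "10.88.0.8"}}}}
]
"""


def network_report(inspect_json):
    """Map container name -> {"mode": str, "addresses": {network: ip}}."""
    report = {}
    for ctr in json.loads(inspect_json):
        settings = ctr.get("NetworkSettings") or {}
        addresses = {}
        # Per-network entries: one per network the container is attached to.
        for net, info in (settings.get("Networks") or {}).items():
            ip = (info or {}).get("IPAddress", "")
            if ip:
                addresses[net] = ip
        # Top-level field: report it only if no per-network entry already has it.
        top = settings.get("IPAddress", "")
        if top and top not in addresses.values():
            addresses["(top-level)"] = top
        name = ctr.get("Name") or ctr.get("Id", "?")
        report[name.lstrip("/")] = {
            "mode": (ctr.get("HostConfig") or {}).get("NetworkMode", ""),
            "addresses": addresses,
        }
    return report


def containers_with_addresses(report):
    """Names of containers holding at least one address, sorted."""
    return sorted(name for name, r in report.items() if r["addresses"])


if __name__ == "__main__":
    for name, r in network_report(SAMPLE_INSPECT).items():
        print(f"{name}: mode={r['mode']!r} addresses={r['addresses']}")
```

On a live host, feed it the output of `podman inspect` for the containers of interest instead of the constructed sample.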