2 files changed, 10 insertions, 5 deletions

diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index 7716fc150..2333f2f7e 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -260,6 +260,8 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
 	// If some mappings are specified, assume a private user namespace
 	if userNS.IsDefaultValue() && (!s.IDMappings.HostUIDMapping || !s.IDMappings.HostGIDMapping) {
 		s.UserNS.NSMode = specgen.Private
+	} else {
+		s.UserNS.NSMode = specgen.NamespaceMode(userNS)
 	}
 
 	s.Terminal = c.TTY
diff --git a/cmd/podman/common/util.go b/cmd/podman/common/util.go
index e21e349d9..52b637a78 100644
--- a/cmd/podman/common/util.go
+++ b/cmd/podman/common/util.go
@@ -175,12 +175,15 @@ func parseSplitPort(hostIP, hostPort *string, ctrPort string, protocol *string)
 	if hostIP != nil {
 		if *hostIP == "" {
 			return newPort, errors.Errorf("must provide a non-empty container host IP to publish")
+		} else if *hostIP != "0.0.0.0" {
+			// If hostIP is 0.0.0.0, leave it unset - CNI treats
+			// 0.0.0.0 and empty differently, Docker does not.
+			testIP := net.ParseIP(*hostIP)
+			if testIP == nil {
+				return newPort, errors.Errorf("cannot parse %q as an IP address", *hostIP)
+			}
+			newPort.HostIP = testIP.String()
 		}
-		testIP := net.ParseIP(*hostIP)
-		if testIP == nil {
-			return newPort, errors.Errorf("cannot parse %q as an IP address", *hostIP)
-		}
-		newPort.HostIP = testIP.String()
 	}
 	if hostPort != nil {
 		if *hostPort == "" {