Diffstat (limited to 'pkg/specgen/generate')
-rw-r--r-- | pkg/specgen/generate/namespaces.go | 13 | ||||
-rw-r--r-- | pkg/specgen/generate/pod_create.go | 16 |
2 files changed, 24 insertions, 5 deletions
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index b87375a92..b52e8d100 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -157,6 +157,16 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.
 case specgen.KeepID:
 if rootless.IsRootless() {
 toReturn = append(toReturn, libpod.WithAddCurrentUserPasswdEntry())
+
+ // If user is not overridden, set user in the container
+ // to user running Podman.
+ if s.User == "" {
+ _, uid, gid, err := util.GetKeepIDMapping()
+ if err != nil {
+ return nil, err
+ }
+ toReturn = append(toReturn, libpod.WithUser(fmt.Sprintf("%d:%d", uid, gid)))
+ }
 } else {
 // keep-id as root doesn't need a user namespace
 s.UserNS.NSMode = specgen.Host
@@ -236,9 +246,6 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.
 case specgen.Private:
 fallthrough
 case specgen.Bridge:
- if postConfigureNetNS && rootless.IsRootless() {
- return nil, errors.New("CNI networks not supported with user namespaces")
- }
 portMappings, err := createPortMappings(ctx, s, img)
 if err != nil {
 return nil, err
diff --git a/pkg/specgen/generate/pod_create.go b/pkg/specgen/generate/pod_create.go
index 5d7bf1930..20151f016 100644
--- a/pkg/specgen/generate/pod_create.go
+++ b/pkg/specgen/generate/pod_create.go
@@ -4,6 +4,7 @@ import (
 "context"
 
 "github.com/containers/podman/v3/libpod"
+ "github.com/containers/podman/v3/pkg/rootless"
 "github.com/containers/podman/v3/pkg/specgen"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
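Review bot: The `s.User == ""` guard in the rootless `KeepID` branch only shows that the spec carries no user at this point; the hunk does not show whether a user configured in the image has already been copied into `s.User`, so it is unclear whether the new `libpod.WithUser` option can replace an image-defined user or be replaced by an option appended later. Because this decides which UID and GID the container process runs as, the comment should state the intended precedence, for example `// Applies only when no user was requested; an explicit user always wins.` if that is what the callers guarantee. The enclosing `namespaceOptions` starts and ends outside the hunk, and the `fmt` and `util` imports the added lines rely on are not visible here.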
@@ -94,8 +95,19 @@ func createPodOptions(p *specgen.PodSpecGenerator, rt *libpod.Runtime) ([]libpod
 }
 
 switch p.NetNS.NSMode {
- case specgen.Bridge, specgen.Default, "":
- logrus.Debugf("Pod using default network mode")
+ case specgen.Default, "":
+ if p.NoInfra {
+ logrus.Debugf("No networking because the infra container is missing")
+ break
+ }
+ if rootless.IsRootless() {
+ logrus.Debugf("Pod will use slirp4netns")
+ options = append(options, libpod.WithPodSlirp4netns(p.NetworkOptions))
+ } else {
+ logrus.Debugf("Pod using bridge network mode")
+ }
+ case specgen.Bridge:
+ logrus.Debugf("Pod using bridge network mode")
 case specgen.Host:
 logrus.Debugf("Pod will use host networking")
 options = append(options, libpod.WithPodHostNetwork()) |
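Review bot: The `p.NoInfra` guard is applied only inside `case specgen.Default, "":`, so the other cases visible here still act as if an infra container exists: `case specgen.Bridge:` logs "Pod using bridge network mode" and `case specgen.Host:` appends `libpod.WithPodHostNetwork()`. If a pod without an infra container and with an explicit network mode is rejected before this function runs, a short comment above the switch saying so would make the asymmetry intentional, e.g. `// NoInfra with an explicit NSMode is rejected earlier; only the default mode can reach here without infra.`, once that is confirmed. Otherwise the guard belongs in front of the `switch` so that no network option is appended for any mode. The `break` leaves only the `switch`, and the rest of the `switch` and of `createPodOptions` lies outside the hunk.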