2 files changed, 7 insertions, 3 deletions

diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index 278f35c22..f41186ae4 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -66,7 +66,7 @@ func GetDefaultNamespaceMode(nsType string, cfg *config.Config, pod *libpod.Pod)
 	case "cgroup":
 		return specgen.ParseCgroupNamespace(cfg.Containers.CgroupNS)
 	case "net":
-		ns, _, err := specgen.ParseNetworkNamespace(cfg.Containers.NetNS)
+		ns, _, err := specgen.ParseNetworkNamespace(cfg.Containers.NetNS, cfg.Containers.RootlessNetworking == "cni")
 		return ns, err
 	}
 
diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go
index f665fc0be..80852930a 100644
--- a/pkg/specgen/namespaces.go
+++ b/pkg/specgen/namespaces.go
@@ -253,7 +253,7 @@ func ParseUserNamespace(ns string) (Namespace, error) {
 // ParseNetworkNamespace parses a network namespace specification in string
 // form.
 // Returns a namespace and (optionally) a list of CNI networks to join.
-func ParseNetworkNamespace(ns string) (Namespace, []string, error) {
+func ParseNetworkNamespace(ns string, rootlessDefaultCNI bool) (Namespace, []string, error) {
 	toReturn := Namespace{}
 	var cniNetworks []string
 	// Net defaults to Slirp on rootless
@@ -264,7 +264,11 @@ func ParseNetworkNamespace(ns string) (Namespace, []string, error) {
 		toReturn.NSMode = FromPod
 	case ns == "" || ns == string(Default) || ns == string(Private):
 		if rootless.IsRootless() {
-			toReturn.NSMode = Slirp
+			if rootlessDefaultCNI {
+				toReturn.NSMode = Bridge
+			} else {
+				toReturn.NSMode = Slirp
+			}
 		} else {
 			toReturn.NSMode = Bridge
 		}