podman doesn't respect default_network setting on rootless mode

[Edu4rdSHL]

Issue Description

I want that all my new created containers belong to a specific bridge network, so I set the following on my $HOME/.config/containers/containers.conf

[network]
default_network = "podman"

And then restarted the user's podman.{service,socket} but podman run ... still doesn't use my default network. Explicitly setting --network=podman on podman run, works.

Steps to reproduce the issue

Steps to reproduce the issue

1. Add [network]\ndefault_network = "podman" to $HOME/.config/containers/containers.conf
2. Restart the podman's user services
3. Run podman run again.

Describe the results you received

Containers are still not using the bridged network podman.

Describe the results you expected

Containers used the podman network by default.

podman info output

host:
  arch: amd64
  buildahVersion: 1.39.0
  cgroupControllers:
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-1:2.1.12-1
    path: /usr/bin/conmon
    version: 'conmon version 2.1.12, commit: e8896631295ccb0bfdda4284f1751be19b483264'
  cpuUtilization:
    idlePercent: 97.49
    systemPercent: 0.61
    userPercent: 1.9
  cpus: 32
  databaseBackend: sqlite
  distribution:
    distribution: arch
    version: unknown
  eventLogger: file
  freeLocks: 2013
  hostname: Behemoth
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1001
      size: 1
    - container_id: 1
      host_id: 10000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 10000
      size: 65536
  kernel: 6.13.3-2-cachyos
  linkmode: dynamic
  logDriver: journald
  memFree: 13014102016
  memTotal: 67323428864
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.14.0-1
      path: /usr/lib/podman/aardvark-dns
      version: aardvark-dns 1.14.0
    package: netavark-1.14.0-1
    path: /usr/lib/podman/netavark
    version: netavark 1.14.0
  ociRuntime:
    name: runc
    package: runc-1.2.5-1
    path: /usr/bin/runc
    version: |-
      runc version 1.2.5
      spec: 1.2.0
      go: go1.24.0
      libseccomp: 2.5.5
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-2025_02_17.a1e48a0-1
    version: ""
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /etc/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 6442446848
  swapTotal: 6442446848
  uptime: 43h 21m 47.00s (Approximately 1.79 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - docker.io
store:
  configFile: /home/edu4rdshl/.config/containers/storage.conf
  containerStore:
    number: 7
    paused: 0
    running: 7
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/edu4rdshl/.local/share/containers/storage
  graphRootAllocated: 2041438363648
  graphRootUsed: 1738454384640
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 19
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/edu4rdshl/.local/share/containers/storage/volumes
version:
  APIVersion: 5.4.0
  Built: 1739309709
  BuiltTime: Tue Feb 11 16:35:09 2025
  GitCommit: f9f7d48b24b1ca4403f189caaeab1cb8ff4a9aa2
  GoVersion: go1.24.0
  Os: linux
  OsArch: linux/amd64
  Version: 5.4.0

Podman in a container

No

Privileged Or Rootless

Rootless

Upstream Latest Release

Yes

Additional environment details

No response

Additional information

No response

[Luap99]

The default_network only specifies the network name (i.e. the one seen by podman network ls). It does not change the default network mode in use by containers.
To chnage that you must configure the netns option under the [containers] section.

I do acknowledge that the containers.conf man page does not make it really clear.

[Edu4rdSHL]

Thanks. According to the documentation, these are the options for netns:

# Default way to to create a Network namespace for the container
# Options are:
# `private` Create private Network Namespace for the container.
# `host`    Share host Network Namespace with the container.
# `none`    Containers do not use the network
#
#netns = "private"

And private is the default. So, there's no way to tell Podman “use this network name by default for new containers from now on”?

[Luap99]

You can set it to whatever --network accepts for podman at least

[Edu4rdSHL]

Thanks! It does work, indeed. It would be good to clarify that in the documentation, imo, it's unclear that the default_network doesn't do what you think, and the netns option only tells you that three options are supported.

I will leave it opened for tracking, but you are welcome to close it if you like.