--network=default doesn't mean the same thing as --network= #16915

Closed
Romain-Geissler-1A opened this issue Dec 21, 2022 · 0 comments · Fixed by #17064
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@Romain-Geissler-1A
Contributor

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

While debugging some unexpected interactions between a docker client and podman server on my side, I found out that the flag --network=default doesn't mean the same thing as --network= (or the absence of --network=XXX flag). Note that the docker client will explicitly pass NetworkMode=default when calling the docker daemon HTTP API, if no --network flag was provided to the docker CLI.

Steps to reproduce the issue:

All this was done using the very latest quay.io/podman/upstream image started in privileged mode.

  1. Create a couple of containers, with different --network flags:

```
[root@a3a34f67a163 /]# podman create --cidfile=no-explicit-flag fedora
Resolved "fedora" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull registry.fedoraproject.org/fedora:latest...
Getting image source signatures
Copying blob 1842e4e4b562 done
Copying config 19c0ae4dd2 done
Writing manifest to image destination
Storing signatures
b987b9bc53e056f024da0ed0cca4fc9e598edd512df7ffad8dc007d740c3b790
[root@a3a34f67a163 /]# podman create --network= --cidfile=explicitly-empty-flag fedora
92023ad1e615bcea04be21569a1139446a1c0aa2b69d3298d926ef4c5de1d045
[root@a3a34f67a163 /]# podman create --network=default --cidfile=explicitly-default-flag fedora
b7287211a64864d4bad9872c973be2abbde56d67e0f43caa44348aa7717a1944
```

  2. Now inspect a bit the NetworkMode for each (note: I use the quay.io/podman/upstream which has a containers.conf file which hardcodes the network mode to host):

```
[root@a3a34f67a163 /]# podman inspect $(cat no-explicit-flag)|grep NetworkMode
               "NetworkMode": "host",
[root@a3a34f67a163 /]# podman inspect $(cat explicitly-empty-flag)|grep NetworkMode
               "NetworkMode": "host",
[root@a3a34f67a163 /]# podman inspect $(cat explicitly-default-flag)|grep NetworkMode
               "NetworkMode": "bridge",
```

  3. Now install the Docker CLI, start a podman socket with system service (I won't show how to do it), and try to create a container with no explicit --network flag with the docker client; it will use the bridge mode by default:

```
[root@a3a34f67a163 /]# DOCKER_HOST=unix:///var/run/podman/podman.sock docker create --cidfile=no-explicit-flag-from-docker-cli fedora
1ebc2db1ef56c75a5588e3c0599c554835a7a352b700856b3fe53fbe1e53b48b
[root@a3a34f67a163 /]# podman --remote inspect $(cat no-explicit-flag-from-docker-cli)|grep NetworkMode
               "NetworkMode": "bridge",
```

Describe the results you received:

The explicit --network=default flag resolves to the bridge network mode, while I would have expected the host one (in my conditions, as this is the one overridden in the containers.conf file).

Describe the results you expected:

I would expect that in the same conditions, a container started explicitly with --network=default (or a container started with the docker CLI without providing any --network flag) uses the host network mode (as this is the one overridden in the containers.conf file), just like when we run podman with no explicit --network flag. Basically, no matter which client (podman vs docker) is used, the end result should be the same.

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

```
[root@a3a34f67a163 /]# podman version
Client:       Podman Engine
Version:      4.4.0-dev
API Version:  4.4.0-dev
Go Version:   go1.19.3
Built:        Thu Jan  1 00:00:00 1970
OS/Arch:      linux/amd64
```
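
A check for the drift this report describes, as an added example that is not part of the original issue or of podman's code: it compares each container's `HostConfig.NetworkMode` from `podman inspect` with the `netns` value set in containers.conf. The inspect JSON and the containers.conf fragment are constructed samples and the function names are hypothetical; the comparison is literal, which assumes a `netns` value such as `host` that inspect reports verbatim.

```python
import json
import re

# Constructed containers.conf fragment: the netns override the issue describes.
CONTAINERS_CONF = '[containers]\nnetns = "host"\n'

# Constructed `podman inspect` output, trimmed to the fields used here.
# Names mirror the --cidfile names from the reproduction steps.
INSPECT_JSON = json.dumps([
    {"Name": "no-explicit-flag", "HostConfig": {"NetworkMode": "host"}},
    {"Name": "explicitly-empty-flag", "HostConfig": {"NetworkMode": "host"}},
    {"Name": "explicitly-default-flag", "HostConfig": {"NetworkMode": "bridge"}},
    {"Name": "no-explicit-flag-from-docker-cli", "HostConfig": {"NetworkMode": "bridge"}},
])

def configured_netns(conf_text):
    """Return netns from the [containers] table, or None if it is not set."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip()
            continue
        value = re.fullmatch(r'netns\s*=\s*"([^"]*)"', line)
        if value and section == "containers":
            return value.group(1)
    return None

def netns_drift(inspect_json, conf_text):
    """List (name, actual_mode) for containers that differ from the configured netns."""
    expected = configured_netns(conf_text)
    if expected is None:
        return []  # nothing configured, so nothing to compare against
    drift = []
    for container in json.loads(inspect_json):
        mode = container.get("HostConfig", {}).get("NetworkMode", "")
        if mode != expected:
            drift.append((container.get("Name", "?"), mode))
    return drift

if __name__ == "__main__":
    for name, mode in netns_drift(INSPECT_JSON, CONTAINERS_CONF):
        print(f"{name}: NetworkMode={mode}, containers.conf netns differs")
```

A container created with a deliberate, explicit `--network` choice is also listed, so the output is a review list rather than a verdict.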
@openshift-ci openshift-ci bot added the kind/bug Categorizes issue or PR as related to a bug. label Dec 21, 2022
Romain-Geissler-1A added a commit to Romain-Geissler-1A/podman that referenced this issue Jan 10, 2023
…idge" if containers.conf specifies a non-default configuration.

Fixes containers#16915 (only the part about docker client).

Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
Romain-Geissler-1A added a commit to Romain-Geissler-1A/podman that referenced this issue Jan 11, 2023
…idge" if containers.conf specifies a non-default configuration.

Fixes containers#16915 (only the part about docker client).

Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
Romain-Geissler-1A added a commit to Romain-Geissler-1A/podman that referenced this issue Jan 11, 2023
…errides netns.

Fixes containers#16915 (only the part about docker client).

Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 4, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 4, 2023