Run weave with userns

[monwolf]

Following best practices for bastion docker in production a year ago we implemented user namespaces and user remap.

we would like to implement at the same time an overlay network and weave seems to fit pretty well with our use case, I tried to launch it as follows:

docker run  --rm --userns=host  --privileged --net host  -v /var/run/docker.sock:/var/run/docker.sock --pid host -v /:/host -e HOST_ROOT=/host -e DOCKERHUB_USER=weaveworks -e WEAVE_VERSION -e WEAVE_DEBUG -e WEAVE_DOCKER_ARGS -e WEAVE_PASSWORD -e WEAVE_PORT -e WEAVE_HTTP_ADDR -e WEAVE_STATUS_ADDR -e WEAVE_CONTAINER_NAME -e WEAVE_MTU -e WEAVE_NO_FASTDP -e WEAVE_NO_BRIDGED_FASTDP -e DOCKER_BRIDGE -e DOCKER_CLIENT_HOST= -e DOCKER_CLIENT_ARGS -e PROXY_HOST=127.0.0.1 -e COVERAGE -e CHECKPOINT_DISABLE -e AWSVPC  weaveworks/weaveexec:2.8.1 --local launch --no-restart --ipalloc-range=

I get:

unable to create container: API error (400): privileged mode is incompatible with user namespaces.  You must run the container in the host namespace when running privileged mode

The only way I found to run this container is removing the flag net, I also tried with the flag network but the same happens.
As expected the container can't run without the host network.

I saw older issues pretty similar:

#3662
#2755

I opened an issue in moby: moby/moby#42846 but I got no response neither.

But there's no response. Has anyone achieved it?