@@ -319,7 +319,8 @@ With the networking mode set to `container` a container will share the

 network stack of another container.  The other container's name must be

 provided in the format of `--net container:<name|id>`. Note that `--add-host` 

 `--hostname` `--dns` `--dns-search` and `--mac-address` is invalid 

-in `container` netmode.

+in `container` netmode, and `--publish` `--publish-all` `--expose` are also

+invalid in `container` netmode.

 Example running a Redis container with Redis binding to `localhost` then

 running the `redis-cli` command and connecting to the Redis server over the

@@ -3177,3 +3177,30 @@ func (s *DockerSuite) TestDevicePermissions(c *check.C) {

 		c.Fatalf("output should begin with %q, got %q", permissions, out)

 	}

 }

+

+func (s *DockerSuite) TestRunContainerNetModeWithExposePort(c *check.C) {

+	cmd := exec.Command(dockerBinary, "run", "-d", "--name", "parent", "busybox", "top")

+	out, _, err := runCommandWithOutput(cmd)

+	if err != nil {

+		c.Fatalf("failed to run container: %v, output: %q", err, out)

+	}

+

+	cmd = exec.Command(dockerBinary, "run", "-p", "5000:5000", "--net=container:parent", "busybox")

+	out, _, err = runCommandWithOutput(cmd)

+	if err == nil || !strings.Contains(out, "Conflicting options: -p, -P, --publish-all, --publish and the network mode (--net)") {

+		c.Fatalf("run --net=container with -p should error out")

+	}

+

+	cmd = exec.Command(dockerBinary, "run", "-P", "--net=container:parent", "busybox")

+	out, _, err = runCommandWithOutput(cmd)

+	if err == nil || !strings.Contains(out, "Conflicting options: -p, -P, --publish-all, --publish and the network mode (--net)") {

+		c.Fatalf("run --net=container with -P should error out")

+	}

+

+	cmd = exec.Command(dockerBinary, "run", "--expose", "5000", "--net=container:parent", "busybox")

+	out, _, err = runCommandWithOutput(cmd)

+	if err == nil || !strings.Contains(out, "Conflicting options: --expose and the network mode (--expose)") {

+		c.Fatalf("run --net=container with --expose should error out")

+	}

+

+}

@@ -20,6 +20,8 @@ var (

 	ErrConflictHostNetworkAndLinks      = fmt.Errorf("Conflicting options: --net=host can't be used with links. This would result in undefined behavior")

 	ErrConflictContainerNetworkAndMac   = fmt.Errorf("Conflicting options: --mac-address and the network mode (--net)")

 	ErrConflictNetworkHosts             = fmt.Errorf("Conflicting options: --add-host and the network mode (--net)")

+	ErrConflictNetworkPublishPorts      = fmt.Errorf("Conflicting options: -p, -P, --publish-all, --publish and the network mode (--net)")

+	ErrConflictNetworkExposePorts       = fmt.Errorf("Conflicting options: --expose and the network mode (--expose)")

 )

 func Parse(cmd *flag.FlagSet, args []string) (*Config, *HostConfig, *flag.FlagSet, error) {

@@ -143,6 +145,13 @@ func Parse(cmd *flag.FlagSet, args []string) (*Config, *HostConfig, *flag.FlagSe

 		return nil, nil, cmd, ErrConflictContainerNetworkAndMac

 	}

+	if netMode.IsContainer() && (flPublish.Len() > 0 || *flPublishAll == true) {

+		return nil, nil, cmd, ErrConflictNetworkPublishPorts

+	}

+

+	if netMode.IsContainer() && flExpose.Len() > 0 {

+		return nil, nil, cmd, ErrConflictNetworkExposePorts

+	}

 	// Validate the input mac address

 	if *flMacAddress != "" {

 		if _, err := opts.ValidateMACAddress(*flMacAddress); err != nil {