@@ -17,7 +17,7 @@ type CommonConfig struct {

 	AutoRestart    bool

 	Context        map[string][]string

 	CorsHeaders    string

-	DisableNetwork bool

+	DisableBridge  bool

 	Dns            []string

 	DnsSearch      []string

 	EnableCors     bool

@@ -469,7 +469,7 @@ func (container *Container) buildJoinOptions() ([]libnetwork.EndpointOption, err

 			logrus.Error(err)

 		}

-		if c != nil && !container.daemon.config.DisableNetwork && container.hostConfig.NetworkMode.IsPrivate() {

+		if c != nil && !container.daemon.config.DisableBridge && container.hostConfig.NetworkMode.IsPrivate() {

 			logrus.Debugf("Update /etc/hosts of %s for alias %s with ip %s", c.ID, ref.Name, container.NetworkSettings.IPAddress)

 			joinOptions = append(joinOptions, libnetwork.JoinOptionParentUpdate(c.NetworkSettings.EndpointID, ref.Name, container.NetworkSettings.IPAddress))

 			if c.NetworkSettings.EndpointID != "" {

@@ -773,6 +773,11 @@ func (container *Container) secondaryNetworkRequired(primaryNetworkType string)

 	case "bridge", "none", "host", "container":

 		return false

 	}

+

+	if container.daemon.config.DisableBridge {

+		return false

+	}

+

 	if container.Config.ExposedPorts != nil && len(container.Config.ExposedPorts) > 0 {

 		return true

 	}

@@ -803,6 +808,11 @@ func (container *Container) AllocateNetwork() error {

 		return fmt.Errorf("conflicting options: publishing a service and network mode")

 	}

+	if runconfig.NetworkMode(networkDriver).IsBridge() && container.daemon.config.DisableBridge {

+		container.Config.NetworkDisabled = true

+		return nil

+	}

+

 	if service == "" {

 		// dot character "." has a special meaning to support SERVICE[.NETWORK] format.

 		// For backward compatiblity, replacing "." with "-", instead of failing

@@ -897,10 +907,6 @@ func (container *Container) initializeNetworking() error {

 		return nil

 	}

-	if container.daemon.config.DisableNetwork {

-		container.Config.NetworkDisabled = true

-	}

-

 	if container.hostConfig.NetworkMode.IsHost() {

 		container.Config.Hostname, err = os.Hostname()

 		if err != nil {

@@ -999,7 +1005,7 @@ func (container *Container) getNetworkedContainer() (*Container, error) {

 }

 func (container *Container) ReleaseNetwork() {

-	if container.hostConfig.NetworkMode.IsContainer() || container.daemon.config.DisableNetwork {

+	if container.hostConfig.NetworkMode.IsContainer() || container.Config.NetworkDisabled {

 		return

 	}

@@ -561,7 +561,7 @@ func NewDaemon(config *Config, registryService *registry.Service) (daemon *Daemo

 	}

 	// Do we have a disabled network?

-	config.DisableNetwork = isNetworkDisabled(config)

+	config.DisableBridge = isBridgeNetworkDisabled(config)

 	// Check that the system is supported and we have sufficient privileges

 	if err := checkSystem(); err != nil {

@@ -684,11 +684,9 @@ func NewDaemon(config *Config, registryService *registry.Service) (daemon *Daemo

 		return nil, fmt.Errorf("Couldn't create Tag store: %s", err)

 	}

-	if !config.DisableNetwork {

-		d.netController, err = initNetworkController(config)

-		if err != nil {

-			return nil, fmt.Errorf("Error initializing network controller: %v", err)

-		}

+	d.netController, err = initNetworkController(config)

+	if err != nil {

+		return nil, fmt.Errorf("Error initializing network controller: %v", err)

 	}

 	graphdbPath := filepath.Join(config.Root, "linkgraph.db")

@@ -268,7 +268,7 @@ func configureSysInit(config *Config) (string, error) {

 	return sysInitPath, nil

 }

-func isNetworkDisabled(config *Config) bool {

+func isBridgeNetworkDisabled(config *Config) bool {

 	return config.Bridge.Iface == disableNetworkBridge

 }

@@ -336,12 +336,22 @@ func initNetworkController(config *Config) (libnetwork.NetworkController, error)

 		return nil, fmt.Errorf("Error creating default \"host\" network: %v", err)

 	}

-	// Initialize default driver "bridge"

+	if !config.DisableBridge {

+		// Initialize default driver "bridge"

+		if err := initBridgeDriver(controller, config); err != nil {

+			return nil, err

+		}

+	}

+

+	return controller, nil

+}

+

+func initBridgeDriver(controller libnetwork.NetworkController, config *Config) error {

 	option := options.Generic{

 		"EnableIPForwarding": config.Bridge.EnableIPForward}

 	if err := controller.ConfigureNetworkDriver("bridge", options.Generic{netlabel.GenericData: option}); err != nil {

-		return nil, fmt.Errorf("Error initializing bridge driver: %v", err)

+		return fmt.Errorf("Error initializing bridge driver: %v", err)

 	}

 	netOption := options.Generic{

@@ -356,7 +366,7 @@ func initNetworkController(config *Config) (libnetwork.NetworkController, error)

 	if config.Bridge.IP != "" {

 		ip, bipNet, err := net.ParseCIDR(config.Bridge.IP)

 		if err != nil {

-			return nil, err

+			return err

 		}

 		bipNet.IP = ip

@@ -366,7 +376,7 @@ func initNetworkController(config *Config) (libnetwork.NetworkController, error)

 	if config.Bridge.FixedCIDR != "" {

 		_, fCIDR, err := net.ParseCIDR(config.Bridge.FixedCIDR)

 		if err != nil {

-			return nil, err

+			return err

 		}

 		netOption["FixedCIDR"] = fCIDR

@@ -375,7 +385,7 @@ func initNetworkController(config *Config) (libnetwork.NetworkController, error)

 	if config.Bridge.FixedCIDRv6 != "" {

 		_, fCIDRv6, err := net.ParseCIDR(config.Bridge.FixedCIDRv6)

 		if err != nil {

-			return nil, err

+			return err

 		}

 		netOption["FixedCIDRv6"] = fCIDRv6

@@ -395,16 +405,15 @@ func initNetworkController(config *Config) (libnetwork.NetworkController, error)

 	}

 	// Initialize default network on "bridge" with the same name

-	_, err = controller.NewNetwork("bridge", "bridge",

+	_, err := controller.NewNetwork("bridge", "bridge",

 		libnetwork.NetworkOptionGeneric(options.Generic{

 			netlabel.GenericData: netOption,

 			netlabel.EnableIPv6:  config.Bridge.EnableIPv6,

 		}))

 	if err != nil {

-		return nil, fmt.Errorf("Error creating default \"bridge\" network: %v", err)

+		return fmt.Errorf("Error creating default \"bridge\" network: %v", err)

 	}

-

-	return controller, nil

+	return nil

 }

 // setupInitLayer populates a directory with mountpoints suitable

@@ -96,7 +96,7 @@ func configureSysInit(config *Config) (string, error) {

 	return os.Getenv("TEMP"), nil

 }

-func isNetworkDisabled(config *Config) bool {

+func isBridgeNetworkDisabled(config *Config) bool {

 	return false

 }

@@ -1324,7 +1324,17 @@ func (s *DockerDaemonSuite) TestRunContainerWithBridgeNone(c *check.C) {

 	out, err := s.d.Cmd("run", "--rm", "busybox", "ip", "l")

 	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))

 	c.Assert(strings.Contains(out, "eth0"), check.Equals, false,

-		check.Commentf("There shouldn't be eth0 in container when network is disabled: %s", out))

+		check.Commentf("There shouldn't be eth0 in container in default(bridge) mode when bridge network is disabled: %s", out))

+

+	out, err = s.d.Cmd("run", "--rm", "--net=bridge", "busybox", "ip", "l")

+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))

+	c.Assert(strings.Contains(out, "eth0"), check.Equals, false,

+		check.Commentf("There shouldn't be eth0 in container in bridge mode when bridge network is disabled: %s", out))

+

+	out, err = s.d.Cmd("run", "--rm", "--net=host", "busybox", "ip", "l")

+	c.Assert(err, check.IsNil, check.Commentf("Output: %s", out))

+	c.Assert(strings.Contains(out, "eth0"), check.Equals, true,

+		check.Commentf("There should be eth0 in container when --net=host when bridge network is disabled: %s", out))

 }

 func (s *DockerDaemonSuite) TestDaemonRestartWithContainerRunning(t *check.C) {