A container needs to share the host's network namespace for performance monitoring. Which podman run option achieves this?
Correct. The container shares the host's network namespace.
Why this answer
Option D is correct because `--network host` makes the container use the host's network stack directly, bypassing any network namespace isolation. This allows performance monitoring tools inside the container to see the host's actual network interfaces, IP addresses, and traffic without NAT or port mapping overhead.
Exam trap
The trap here is that candidates often confuse `--network host` with `--network bridge` (the default), assuming bridge mode provides host-level visibility, but bridge mode actually creates an isolated network namespace with NAT, hiding the host's interfaces.
How to eliminate wrong answers
Option A is wrong because `--network slirp4netns` uses user-mode networking with NAT, which isolates the container's network from the host and adds performance overhead, making it unsuitable for direct host network monitoring. Option B is wrong because `--network bridge` creates a separate network namespace with a virtual bridge (default for rootless containers), isolating the container from the host's network interfaces. Option C is wrong because `--network none` disables all networking inside the container, preventing any network monitoring of the host.