diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 624c6b2cd71a0a017197c42c365899194f1fa3f2..4edada3331080cdf503de3a5ff34c2734d07f753 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -897,6 +897,7 @@
 <acpi/>
 <apic/>
 <hap/>
+ <privnet/>
 </features>
 ...
@@ -924,6 +925,12 @@
Enable Viridian hypervisor extensions for paravirtualizing guest operating systems
+
privnet
+
Always create a private network namespace. This is
+ automatically set if any interface devices are defined.
+ This feature is only relevant for container based
+ virtualization drivers, such as LXC.
+

Time keeping

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index b804a7074b40f78a3f627d0c8c74b21db4bd5740..5b3e5fa548978ca753bdc929413dd9187b20a2e1 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -2632,6 +2632,11 @@
+
+
+
+
+
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index f6f8b8ca88073ae040cb4fd15b44b3cc7cf33e29..e6d0f4be010c37d7239a6f1ca3d50dfffaa97b1e 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -106,7 +106,8 @@ VIR_ENUM_IMPL(virDomainFeature, VIR_DOMAIN_FEATURE_LAST,
 "apic",
 "pae",
 "hap",
- "viridian")
+ "viridian",
+ "privnet")
 VIR_ENUM_IMPL(virDomainLifecycle, VIR_DOMAIN_LIFECYCLE_LAST,
 "destroy",
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 0ab3b814fa767f1378d4e81ffea3d3fbef8ee1d4..f471e355db596eea7c921fbe7b0c101bb06bd6ac 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1298,6 +1298,7 @@ enum virDomainFeature {
 VIR_DOMAIN_FEATURE_PAE,
 VIR_DOMAIN_FEATURE_HAP,
 VIR_DOMAIN_FEATURE_VIRIDIAN,
+ VIR_DOMAIN_FEATURE_PRIVNET,
 VIR_DOMAIN_FEATURE_LAST
 };
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index d827b35f61966743af748938c1a85642c34e785e..267fbfb07a96b9f95b4bf161e225dea128a23e95 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -261,7 +261,8 @@ int lxcContainerWaitForContinue(int control)
 *
 * Returns 0 on success or nonzero in case of error
 */
-static int lxcContainerRenameAndEnableInterfaces(unsigned int nveths,
+static int lxcContainerRenameAndEnableInterfaces(bool privNet,
+ unsigned int nveths,
 char **veths)
 {
 int rc = 0;
@@ -289,7 +290,7 @@ static int lxcContainerRenameAndEnableInterfaces(unsigned int nveths,
 }
 /* enable lo device only if there were other net devices */
- if (veths)
+ if (veths || privNet)
 rc = virNetDevSetOnline("lo", true);
 error_out:
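Review bot: The new `privNet` parameter of lxcContainerRenameAndEnableInterfaces (the -261 hunk) has no entry in the function's header comment, of which only the tail is visible here. If that comment lists the parameters above the hunk, it needs a matching line such as `* @privNet: true if the container has a private network namespace even without interfaces`. The function body continues outside the hunk.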
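Review bot: The comment above the changed condition in the -289 hunk is now stale: it still says lo is enabled only if there were other net devices, while the new test `if (veths || privNet)` also brings lo up in a private namespace that has no interfaces. I would reword it to `/* enable lo if there are net devices or a private network namespace was requested */`. The test keys on the `veths` pointer rather than on `nveths`; presumably callers pass NULL when the count is zero, which should be confirmed in the part of the function outside this hunk.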
@@ -1343,7 +1344,9 @@ static int lxcContainerChild( void *data )
 VIR_DEBUG("Received container continue message");
 /* rename and enable interfaces */
- if (lxcContainerRenameAndEnableInterfaces(argv->nveths,
+ if (lxcContainerRenameAndEnableInterfaces(!!(vmDef->features &
+ (1 << VIR_DOMAIN_FEATURE_PRIVNET)),
+ argv->nveths,
 argv->veths) < 0) {
 goto cleanup;
 }
@@ -1458,7 +1461,8 @@ int lxcContainerStart(virDomainDefPtr def,
 cflags |= CLONE_NEWUSER;
 }
- if (def->nets != NULL) {
+ if (def->nets != NULL ||
+ (def->features & (1 << VIR_DOMAIN_FEATURE_PRIVNET))) {
 VIR_DEBUG("Enable network namespaces");
 cflags |= CLONE_NEWNET;
 }
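Review bot: The PRIVNET bit test is written inline inside the call in lxcContainerChild and again, in a slightly different form, in lxcContainerStart (the -1458 hunk), so the two places that must agree on whether the container owns its network namespace can drift apart. If they ever disagreed, the child would bring up `lo` in a namespace it shares with the host. Computing it once into a named local, `bool privNet = !!(vmDef->features & (1 << VIR_DOMAIN_FEATURE_PRIVNET));`, and passing `privNet` would also make the three-line argument readable. lxcContainerChild starts and ends outside the hunk.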
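Review bot: In lxcContainerStart, `CLONE_NEWNET` is still set only when interfaces are defined or `<privnet/>` is present, so a container with neither keeps sharing the host's network namespace and the isolation remains opt-in. That is a security-relevant default, since host interfaces and abstract unix sockets in the host namespace stay reachable from inside the container, and neither the new code nor the added formatdomain text states it outright. I would put `/* Without nets or <privnet/> the container shares the host network namespace */` above the test and say the same in the privnet description. The function body continues outside the hunk.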