diff --git a/group_vars/mons.sample b/group_vars/mons.sample
index c6414a941..784cdcb90 100644
--- a/group_vars/mons.sample
+++ b/group_vars/mons.sample
@@ -79,5 +79,6 @@ dummy:
 #ceph_mon_docker_imagename: daemon
 #ceph_mon_extra_envs: "MON_NAME={{ ansible_hostname }}" # comma separated variables
 #ceph_docker_on_openstack: false
-#mon_docker_privileged: true
+#mon_docker_privileged: false
+#mon_docker_net_host: true
 
diff --git a/roles/ceph-mon/defaults/main.yml b/roles/ceph-mon/defaults/main.yml
index abd30e505..849bb2f01 100644
--- a/roles/ceph-mon/defaults/main.yml
+++ b/roles/ceph-mon/defaults/main.yml
@@ -71,4 +71,5 @@ ceph_mon_docker_username: ceph
 ceph_mon_docker_imagename: daemon
 ceph_mon_extra_envs: "MON_NAME={{ ansible_hostname }}" # comma separated variables
 ceph_docker_on_openstack: false
-mon_docker_privileged: true
+mon_docker_privileged: false
+mon_docker_net_host: true
diff --git a/roles/ceph-mon/tasks/docker/start_docker_monitor.yml b/roles/ceph-mon/tasks/docker/start_docker_monitor.yml
index 8c18a22e2..5c5751c92 100644
--- a/roles/ceph-mon/tasks/docker/start_docker_monitor.yml
+++ b/roles/ceph-mon/tasks/docker/start_docker_monitor.yml
@@ -41,16 +41,20 @@
     name: populate-kv-store
     state: absent
     image: ceph/daemon
+  when: mon_containerized_deployment_with_kv
 
 # Use systemd to manage container on Atomic host and CoreOS
 - name: generate systemd unit file
   become: true
   template:
-    src: ../../templates/ceph-mon.service.j2
+    src: ../templates/ceph-mon.service.j2
     dest: /var/lib/ceph/ceph-mon@.service
     owner: "root"
     group: "root"
     mode: "0644"
+  when:
+    is_atomic or
+    ansible_os_family == 'CoreOS'
 
 - name: link systemd unit file for mon instance
   file:
diff --git a/roles/ceph-mon/templates/ceph-mon.service.j2 b/roles/ceph-mon/templates/ceph-mon.service.j2
index 76f04226e..ab9c384ad 100644
--- a/roles/ceph-mon/templates/ceph-mon.service.j2
+++ b/roles/ceph-mon/templates/ceph-mon.service.j2
@@ -14,7 +14,12 @@ ExecStart=/usr/bin/docker run --rm --name %i --net=host \
    -e KV_TYPE={{kv_type}} \
    -e KV_IP={{kv_endpoint}}\
    {% endif -%}
+   {% if mon_docker_privileged -%}
    --privileged \
+   {% endif -%}
+   {% if mon_docker_net_host -%}
+   --net=host \
+   {% endif -%}
    -e CEPH_DAEMON=MON \
    -e MON_IP={{ hostvars[inventory_hostname]['ansible_' + ceph_mon_docker_interface]['ipv4']['address'] }} \
    -e CEPH_PUBLIC_NETWORK={{ ceph_mon_docker_subnet }} \
@@ -28,4 +33,4 @@ TimeoutStartSec=120
 TimeoutStopSec=15
 
 [Install]
-WantedBy=multi-user.target
\ No newline at end of file
+WantedBy=multi-user.target