diff --git a/docker.changes b/docker.changes
index 0208623..916929b 100644
--- a/docker.changes
+++ b/docker.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Jul 30 05:14:44 UTC 2019 - Aleksa Sarai <asarai@suse.com>
+
+- Fix default installation such that --userns-remap=default works properly
+  (this appears to be an upstream regression, where --userns-remap=default
+  doesn't auto-create the group and results in an error on-start). boo#1143349
+
 -------------------------------------------------------------------
 Fri Jul 26 12:49:18 UTC 2019 - Aleksa Sarai <asarai@suse.com>
 
diff --git a/docker.spec b/docker.spec
index 9aa97a3..bda0e2b 100644
--- a/docker.spec
+++ b/docker.spec
@@ -413,7 +413,18 @@ install -D -m 0644 %{SOURCE5} %{buildroot}%{_fillupdir}/sysconfig.kubelet
 %fdupes %{buildroot}
 
 %pre
+# /var/run/docker.sock group owner.
 getent group docker >/dev/null || groupadd -r docker
+
+# used for --userns-remap=default.
+getent passwd dockremap >/dev/null || \
+	useradd -Ur -p '!' -s /bin/false -c 'docker --userns-remap=default' dockremap
+# "useradd -r" doesn't add sub[ug]ids so we manually add some. Hopefully there
+# aren't any conflicts here, because usermod doesn't provide the same "get
+# unusued range" feature that dockremap does.
+grep -q '^dockremap:' /etc/sub[ug]id || \
+	usermod -v 100000000-100065536 -w 100000000-100065536 dockremap
+
 %service_add_pre %{realname}.service
 
 %post