I don’t see where any capabilities or privilege escalation were recommendeed . I think @meyay meant you can have multiple docker networks attached to a single container. That doesn’t require changing anything on the host. The “network=none” was just an example for a container without network. Not to configure one yourself without Docker.