What mechanism prevents brctl use within a container

Hello all,

I was playing around with a container to see what sorts of stuff I can and cannot do. I noticed that I am unable to make a bridge with the command “brctl addbr mybridge”.

I’m guessing it’s because this is a sensitive operation that affects the kernel, but would like to understand it a bit more.

Any thoughts?

FYI, if we run the container with the privileged flag, we are able to create bridges from within a container.