And your containers need to have specific capabilities enabled, which aren't by default on kubernetes and podman.