For some time now, Docker containers have had a whitelist of capabilities, i.e. they are not allowed to do certain things unless explicitly stated. A common case you can run into is setting up networking inside a container, say a firewall. There is a lot of weird advice out there, including running insecure containers! The answer, however, is very simple: just add the proper capability when starting your container:
docker run --cap-add=NET_ADMIN blabala...
and you're done!
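
To confirm that NET_ADMIN actually reached the container, and that nothing broader was granted along the way, you can decode the effective capability mask from /proc/self/status inside it. This is an added example, not part of the original post; the function names and the three sample masks are constructed for illustration, and treating CAP_SYS_ADMIN as the sign of an over-privileged container is an assumption of this sketch.

```shell
#!/bin/sh
# Capability bit numbers as defined in linux/capability.h.
CAP_NET_ADMIN=12
CAP_SYS_ADMIN=21

# has_cap HEXMASK BIT: succeeds if capability number BIT is set in HEXMASK.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# classify HEXMASK: prints how the mask relates to the NET_ADMIN use case.
#   missing         - NET_ADMIN absent, network setup will be refused
#   least-privilege - NET_ADMIN present without CAP_SYS_ADMIN
#   over-privileged - CAP_SYS_ADMIN also present (heuristic for a container
#                     that was given far more than networking needs)
classify() {
    if ! has_cap "$1" "$CAP_NET_ADMIN"; then
        echo "missing"
    elif has_cap "$1" "$CAP_SYS_ADMIN"; then
        echo "over-privileged"
    else
        echo "least-privilege"
    fi
}

# current_capeff: effective capability mask of the calling process.
current_capeff() {
    awk '/^CapEff:/ {print $2}' /proc/self/status
}

# Constructed sample masks (not captured from a real host):
SAMPLE_DEFAULT=00000000a80425fb    # bit 12 clear
SAMPLE_NET_ADMIN=00000000a80435fb  # same mask with bit 12 set
SAMPLE_ALL_CAPS=0000003fffffffff   # every low capability bit set

for m in "$SAMPLE_DEFAULT" "$SAMPLE_NET_ADMIN" "$SAMPLE_ALL_CAPS"; do
    printf '%s -> %s\n' "$m" "$(classify "$m")"
done

# When run inside a container on Linux, also report the live mask.
if [ -r /proc/self/status ]; then
    live=$(current_capeff)
    [ -n "$live" ] && printf 'this process: %s -> %s\n' "$live" "$(classify "$live")"
fi
```

Run it inside the container you started; a result of "least-privilege" means the added capability is in effect without the container carrying CAP_SYS_ADMIN as well.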