I think you are confusing "Containers" with "Jails". Containers are read-only images, and aren't designed to have that kind of crazy customization like a jail does. It's for ease of deployment, and sane upgrade paths. It's why for 2+ years I've been able to update plex, jellyfin and friends with just a single click on a UI button.
On the Linux side, the Jail equivalent would be something like systemd-nspawn, LXD or similar technology. You get the same flexibility as jails, and I'd argue even more with native support for things like GPU passthrough and nested containers, etc. All the same options for network configuration, customization, etc.