Much better to think about it in terms of leaving the OS alone and using jails:
If you’re not able to make it work that way, you can take a jail created that way and use it as a rootfs for ubernerd/nerdctl, where you would set the container to run privileged (GitHub - Jip-Hop/ubernerd: Run Docker and LXC-like containers with a portable install of nerdctl on a systemd based host).