Currently following requirement is the only one that restricts user supplied containment triples.

Servers MUST NOT allow HTTP PUT or PATCH on a container to update its containment triples; if the server receives such a request, it MUST respond with a 409 status code. [Source]

But that allows including containment triples in representation of to be created container, when container is created through POST on parent container.

It may not be the intention.