The advantage of docker is it allows containerzied development and allows to promote environment post testing. In that case why can’t it be made to execute as non-root like any other linux command. Although underlying it uses unix-socket instead of tcp/ip. can this fundamental architecture be re-thought to run docker as independent container similar to JVM jar files. I just wanted the community to think through a solution then only it becomes easier for development teams to easily promote to production otherwise administrators are required to do the harderning stuff on production for every implementaion.