There is one thing I am not certain how Docker is supposed to solve. As I know, Docker is supposed to provide isolation between the containers and the OS, so it will not allow the user to access files that are not within the containers. But how do I prevent Docker from mounting those files?
In most of my old deployments, I have isolation at the user permission level, so I can simply use chmod/chown to isolate the general user from accessing certain files. But as Docker has to be run as root, if I allow a user to use Docker then it will have full access to the full system's files. How does Docker aim to prevent that, and what are the best practices in terms of security to deal with it?