According to the documentation, the daemon has to get root access to work properly. Let’s say I am a limited Ubuntu user who can run Docker containers. With the run -v option, it is possible to mount any folder from the filesystem to any container. Here is an example:
docker run -it -v /root:/test ubuntu:16.04 bash
My host user obviously can’t access what’s in the /root folder. Inside the container, everything that’s in the /test folder, which is also my host’s /root folder, becomes writable.
Is there a way to prevent this? Because I have the feeling that running that command on any server running Docker as root can be quite dangerous!
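
One way to audit a host for the situation described above (an added example, not part of the original post): the script parses JSON in the shape of `docker inspect` output and flags bind mounts that expose sensitive host paths. The `SENSITIVE` list and the sample containers are constructed assumptions.

```python
import json
import posixpath

# Assumption: host paths treated as sensitive; adjust for your own hosts.
SENSITIVE = ("/root", "/etc", "/home", "/var/run/docker.sock")

# Constructed sample in the shape of `docker inspect <container>` output.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/shell", "Mounts": [
        {"Type": "bind", "Source": "/root", "Destination": "/test", "RW": True}]},
    {"Name": "/web", "Mounts": [
        {"Type": "volume", "Name": "webdata", "Destination": "/data", "RW": True,
         "Source": "/var/lib/docker/volumes/webdata/_data"},
        {"Type": "bind", "Source": "/etc/ssl/certs", "Destination": "/certs",
         "RW": False}]},
    {"Name": "/backup", "Mounts": [
        {"Type": "bind", "Source": "/", "Destination": "/host", "RW": True}]},
])


def covers_sensitive(source):
    """True if the bind source is /, a sensitive path, inside one, or a parent of one."""
    src = posixpath.normpath(source)
    if src == "/":
        return True
    return any(
        src == s or src.startswith(s + "/") or s.startswith(src + "/")
        for s in SENSITIVE
    )


def risky_bind_mounts(inspect_json):
    """Return (container, host_path, container_path, mode) for risky bind mounts."""
    findings = []
    for container in json.loads(inspect_json):
        for mount in container.get("Mounts", []):
            if mount.get("Type") != "bind":
                continue  # named volumes live under Docker's own data directory
            if covers_sensitive(mount["Source"]):
                mode = "rw" if mount.get("RW") else "ro"
                findings.append((container["Name"].lstrip("/"),
                                 mount["Source"], mount["Destination"], mode))
    return findings


if __name__ == "__main__":
    for name, src, dst, mode in risky_bind_mounts(SAMPLE_INSPECT):
        print(f"{name}: host {src} -> {dst} ({mode})")
```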