Service. How to restrict access to path in Docker container? Ask

I’ve written a Dockerfile for testing user access. The other file ( is on this link

Up to here, I’ve done this:

From Ubuntu 12.04.05, make a new container with sudo and ssh server.
Change defaults root password to 'root’
Create a test directory ‘/app’ and a file inside called ‘lalal’ with a sample string.
Create user ‘DevOps Videos’ and add sudo capabilities to it so as to start ssh service.
Configure the script to start the ssh service at startup and change to ‘devops’ to the default user.
Operations with docker:

To build: docker build testuser/testuser:v1 -f ./Dockerfile .
To run: docker run -d -P --name testuser -p 22:22 testuser/testuser:v1
To see the logs: docker logs testuser
To run a bash: docker exec -i -t bash
To run a bash with root user: docker exec -i -t -user=root bash
Up to running a bash with devops user there is no problem due to the restrictions given to /app directory but when I run bash with root user I can do whatever I want and the devops user is useless. How can I correct this security hole?

root wins over all users…