Why does my container have access to system folders?!?

I am so insanely frustrated trying to figure this out.

I’m no docker expert . I use it on my media server to run things like Sonarr, etc. I’ve been running it for years on one system and just tried putting it on a second.

On the first, when I do something like this:

# Sonarr – TV Show Download and Management
    image: "hotio/sonarr:phantom"
    hostname: sonarr
    container_name: "sonarr"
      - test/docker/sonarr:/config
      - data/Downloads/completed:/downloads
      - data/media/tvshows:/tv
      - "/etc/localtime:/etc/localtime:ro"
      - test/docker/shared:/shared
        - 8989:8989"
    restart: always
  - PUID=991
  - PGID=1001
  - TZ=${TZ}
  - UMASK=002

everything’s fine and when I use the app to navigate to a folder, I ONLY see /config /downloads /tv and /shared as I’d expect.

BUT, when I run it on the 2nd machine (both are Ubuntu 18.04) I get access to a whole lot more! As in… almost all of my system’s directories. /var /opt /home etc

I say “almost” because some like /boot and /cdrom aren’t there, but most are. They are EMPTY and I can’t truly access them… but they list.

What did I do that’s making it list these folders? I wouldn’t have thought the container could even see outside its defined volumes!