InformationThe Docker daemon currently requires root privileges. A user added to the docker group gives him full root access rights.
Docker allows you to share a directory between the Docker host and a guest container without limiting the access rights of the container. This means that you can start a container and map the / directory on your host to the container. The container will then be able to alter your host file system without any restrictions. In simple terms, it means that you can attain elevated privileges with just being a member of the docker group and then starting a container with mapped / directory on the host.
SolutionRemove any users from the docker group that are not trusted. Additionally, do not create a mapping of sensitive directories on host to container volumes.
Rights to build and execute containers as normal user would be restricted.