Ensure mounting Docker socket daemon in a container is limited

MEDIUM

Description

The Docker socket is the interface that grants system-level access to the Docker daemon, including the ability to create new containers. As a best practice, containers should not be given direct access to the Docker socket.

Remediation

To ensure that the Docker socket is not exposed inside a container, edit the workload manifest and apply the appropriate built-in Linux security profiles such as SELinux/AppArmor. Look for the volumes:hostPath entries in your Kubernetes workload configuration and verify that none of them are set to /var/run/docker.sock or /var/run/docker. Newer versions of Kubernetes no longer have access to the Docker runtime engine, so this only impacts versions prior to 1.21.
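
The following Python checker is an added example, not code from the rule page or its tooling. It performs the manifest inspection the remediation describes: it walks the volumes of a Pod (or of a templated workload such as a Deployment), flags hostPath entries that expose the Docker socket, and reports which containers mount them. The manifests, pod and container names are constructed samples. The check goes slightly beyond the two literal paths in the rule: it treats /run as an alias of /var/run and also flags a parent-directory mount (for example /var/run itself), since that exposes the socket just as directly.

```python
"""Scan a parsed Kubernetes workload manifest for hostPath volumes that hand
a container the Docker socket (the condition rule AC_K8S_0088 describes).

The manifest is supplied as an already-parsed dict, i.e. what yaml.safe_load
would return; constructed samples are embedded so the script runs offline.
"""
import posixpath

# Paths named by the rule. /run is handled as an alias in _normalize(), since
# /var/run is a symlink to /run on most distributions.
DOCKER_SOCKET_PATHS = ("/var/run/docker.sock", "/var/run/docker")


def _normalize(path):
    """Collapse '..' and trailing slashes, and fold /var/run into /run."""
    p = posixpath.normpath(path)
    if p == "/var/run" or p.startswith("/var/run/"):
        p = "/run" + p[len("/var/run"):]
    return p


def _exposes(mount_path, socket_path):
    """True if socket_path is the mounted path itself or lies beneath it."""
    m, s = _normalize(mount_path), _normalize(socket_path)
    return s == m or s.startswith(m.rstrip("/") + "/")


def pod_spec_of(manifest):
    """Return the Pod spec for a bare Pod or a templated workload (Deployment, ...)."""
    spec = manifest.get("spec") or {}
    if manifest.get("kind") == "Pod":
        return spec
    return (spec.get("template") or {}).get("spec") or {}


def find_docker_socket_mounts(manifest):
    """Return findings as (volume name, hostPath, [containers mounting it])."""
    spec = pod_spec_of(manifest)
    containers = (spec.get("containers") or []) + (spec.get("initContainers") or [])
    findings = []
    for vol in spec.get("volumes") or []:
        host_path = (vol.get("hostPath") or {}).get("path")
        if not host_path:
            continue  # emptyDir, configMap, PVC, ... cannot reach the host socket
        if not any(_exposes(host_path, s) for s in DOCKER_SOCKET_PATHS):
            continue
        users = [
            c["name"]
            for c in containers
            for vm in (c.get("volumeMounts") or [])
            if vm.get("name") == vol.get("name")
        ]
        findings.append((vol.get("name"), host_path, users))
    return findings


# Constructed sample: a Pod that mounts the Docker socket (the weak setting).
VULNERABLE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "ci-agent"},
    "spec": {
        "containers": [{
            "name": "ci-agent",
            "image": "example/ci-agent:1.0",
            "volumeMounts": [{"name": "dockersock", "mountPath": "/var/run/docker.sock"}],
        }],
        "volumes": [{"name": "dockersock", "hostPath": {"path": "/var/run/docker.sock"}}],
    },
}

# Constructed sample: a Deployment whose only hostPath is /var/log (compliant).
SAFE_DEPLOYMENT = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "log-shipper"},
    "spec": {
        "template": {
            "spec": {
                "containers": [{
                    "name": "shipper",
                    "image": "example/log-shipper:1.0",
                    "volumeMounts": [{"name": "logs", "mountPath": "/host/log"}],
                }],
                "volumes": [
                    {"name": "logs", "hostPath": {"path": "/var/log"}},
                    {"name": "scratch", "emptyDir": {}},
                ],
            }
        }
    },
}


if __name__ == "__main__":
    for manifest in (VULNERABLE_POD, SAFE_DEPLOYMENT):
        name = manifest["metadata"]["name"]
        for vol, path, users in find_docker_socket_mounts(manifest):
            print(f"{name}: volume {vol!r} exposes Docker socket via hostPath {path} "
                  f"(mounted by: {', '.join(users) or 'no container'})")
```

Running the script on a parsed manifest is enough to reproduce the rule's verdict; a volume that is declared but not mounted by any container is still reported, because the rule keys on the hostPath declaration itself.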

References:
https://kubernetes.io/blog/2020/12/02/dont-panic-kubernetes-and-docker/

Policy Details

Rule Reference ID: AC_K8S_0088
Remediation Available: No
Resource: kubernetes_pod
Resource Category: Compute
Resource Type: Pod

Frameworks