What security vulnerability does running containers as root pose and how should it be mitigated?

Question

Docker Fundamentals — Hard

What security vulnerability does running containers as root pose and how should it be mitigated?

Accepted Answer

Running containers as root poses a security risk because if a process escapes isolation, it gains root access on the host. This vulnerability can be mitigated by running containers as a non-root user, using user namespaces, applying seccomp profiles, and using rootless Docker.