Most Linux operating systems are based on the fact that they can leverage SELinux or AppArmor for more advanced access controls to files or locations on the operating system. With these components, you can limit a container's ability to execute a program as the root user with root privileges.

Docker does ship a security model template that comes with AppArmor and Red Hat comes with SELinux policies as well for Docker. You can utilize these provided templates to add an additional layer of security on top of your environments.

For more information about SELinux and Docker, I would recommend visiting the following website:

https://www.mankier.com/8/docker_selinux

While, on the other hand, if you are in the market for some more reading on AppArmor and Docker, I would recommend visiting the following website:

https://github.com/docker/docker/tree/master/contrib/apparmor

Here you will find a template.go file, which is the template that Docker ships with its application that is the AppArmor template.