Currently, docker containers that run within each Type-1 VM run in privileged mode. This isn't ideal from a Defense-in-Depth perspective. The plan is to implement the following guidance such that each application-level container runs in a non-root user namespace.
Run the Docker daemon as a non-root user (Rootless mode)
How to Run Docker in Rootless Mode
How to run Docker containers on Linux without root privileges.
In the meantime, I need to implement user namespaces with UID/GID mapping.
The current blocker is that rootless mode does not support overlay networks.
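As an added example (not part of the original notes), a POSIX shell helper that reads a UID map in the `/proc/PID/uid_map` format and reports which host UID the container's root lands on; this is the check that separates the current privileged setup (container root is host root) from the remapped one the plan describes. The three sample maps are constructed to mirror the default daemon, `userns-remap`, and rootless mode.

```shell
#!/bin/sh
# Added example: resolve namespace UIDs through a uid_map and classify the result.
# /proc/PID/uid_map lines are: <ns-start> <host-start> <length>

# Print the host uid that namespace uid $2 maps to under map $1, or "unmapped".
userns_host_uid() {
    printf '%s\n' "$1" | awk -v ns="$2" '
        NF == 3 && ns >= $1 && ns < $1 + $3 {
            print $2 + (ns - $1); found = 1; exit
        }
        END { if (!found) print "unmapped" }'
}

# Classify where container root (namespace uid 0) lands on the host:
#   host-root  - no effective remap, root in the container is root on the host
#   remapped   - root maps to an unprivileged host uid (what the plan wants)
#   unmapped   - uid 0 has no mapping at all (processes run as nobody/overflow)
classify_container_root() {
    host_uid=$(userns_host_uid "$1" 0)
    case "$host_uid" in
        unmapped) echo "unmapped" ;;
        0)        echo "host-root" ;;
        *)        echo "remapped" ;;
    esac
}

# Constructed sample maps (not captured from a real host):
# plain dockerd, no user namespace: the whole uid range is identity-mapped
MAP_DEFAULT='         0          0 4294967295'
# dockerd with userns-remap: root maps to the start of a subordinate uid range
MAP_REMAP='         0     100000      65536'
# rootless dockerd: root is the unprivileged user, the rest comes from /etc/subuid
MAP_ROOTLESS='         0       1000          1
         1     100000      65536'

for m in "$MAP_DEFAULT" "$MAP_REMAP" "$MAP_ROOTLESS"; do
    printf 'root -> host uid %s (%s)\n' \
        "$(userns_host_uid "$m" 0)" "$(classify_container_root "$m")"
done
```

On a live Linux host, `classify_container_root "$(cat /proc/<pid>/uid_map)"` against a container process gives the same verdict for the real mapping.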