Hacker News
by cuckcuckspruce 3746 days ago
This is what sudo is for. Give each user access to run their containers (and only their containers) as a member of the docker group in sudoers.
3 comments

This doesn't work when users may need to run arbitrary (or user-defined) containers. You can only sudo so much... But, perhaps you could restrict it to "sudo docker run". I'll have to give that a try. But that would make it extraordinarily more difficult for a user to stop / rm / kill a container. Plus, it's not like docker has the concept of an "owner" for a container - does it?

Nonetheless, you shouldn't need to run anything as root in order to start a container that doesn't require extra privileges.
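The two sudoers layouts the thread is debating, written out as a constructed example (this is not a configuration from either commenter, and the group name, alias name and `/etc/sudoers.d/docker` path are assumptions): the parent comment's "docker group in sudoers" form, and the reply's narrower "sudo docker run" form.

```sudoers
# Constructed example, not from the thread. Install with: visudo -f /etc/sudoers.d/docker
# Assumed group name "docker" and assumed alias name DOCKER_RUN.

# Form suggested in the parent comment: members of the docker group may run
# any docker subcommand as root (run, stop, rm, kill, exec, ...).
%docker ALL=(root) NOPASSWD: /usr/bin/docker

# Narrower form suggested in the reply: only "docker run" is allowed.
# The trailing "*" is required; without it sudo matches only a bare
# "docker run" with no arguments. Note that "*" in sudoers spans argument
# boundaries, so every flag and image name "docker run" accepts is permitted.
Cmnd_Alias DOCKER_RUN = /usr/bin/docker run *
%docker ALL=(root) NOPASSWD: DOCKER_RUN
```

Two caveats a practitioner should weigh before relying on either form. First, as the reply points out, the narrow form leaves users unable to `stop`, `rm` or `kill` what they started, and sudo has no notion of container ownership to fill that gap. Second, neither form is a privilege boundary: the Docker daemon runs as root and `docker run` itself accepts options (bind mounts, `--privileged`, host namespaces) that hand a container host-level access, which is why Docker's own documentation treats docker-group membership as root-equivalent. Auditing `sudo` log entries will show who invoked `docker run`, but not what the container then did. Where users genuinely need to start only unprivileged containers, rootless Docker or user-namespace remapping addresses the "shouldn't need root" point above without routing everything through sudo.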

Please clarify what you mean by "access to run ... only their containers". How is that possible?

sudo arguably is another vector of attack