You have passwordless sudo access on the Docker containers; however, when you kick off a new build, we will create a new VM just for the build and start the Docker container inside it, making sure that nobody can ramble around :)
Thanks. Is this setup with the per-build VM and Docker server access intended so that users could set up multiple linked containers for integration testing, etc.?