Ah of course, we should not use userns because it might be vulnerable to some yet to be discovered vulnerability. The better alternative is to give full root access so we won't have surprises.
The full access to the docker socket from a user account is typically used on a development machine where malware has many other opportunities to become a root.