Containers are isolated processes, and don't need root. Docker needs root to give them elevated privileges if you require this, and to set up iptables and so on.
Please don't shrug this off so easily. With a vulnerability in the Docker daemon (and no software is 100% free of bugs) he is in more danger than before containerization.
This 1000 times. It's also an issue being a single failure point more generally.
If the daemon doesn't perform, it can affect every single container running on the system. Competing systems that use a less monolithic approach are very, very welcome.