Comment by nyrikki

Note that while containers can be leveraged to run processes at lower privilege levels, they are not secure by default, and actually run at elevated privileges compared to normal processes.

Make sure the agent cannot launch containers and that you are switching users and dropping privileges.

On a Mac you are running a VM machine that helps, but on Linux it is the user that is responsible for constraints, and by default it is trivial to bypass.

Containers have been fairly successful for security because the most popular images have been leveraging traditional co-hosting methods, like nginx dropping root etc…

By themselves without actively doing the same they are not a security feature.

While there are some reactive defaults, Docker places the responsibility for dropping privileges on the user and image. Just launching a container is security through obscurity.

It can be a powerful tool to improve security posture, but don’t expect it by default.