In this scenario you'll learn how to configure user namespaces to add user isolation and remap a container's root user to a non-privileged user on the host machine.
Step 1 - Identify current Docker user
By default, the Docker daemon runs as the root user on the host. By listing all the processes on the box you can identify which user the Docker daemon runs as.
ps aux | grep docker
Because the daemon runs as root, any containers it starts will have the same security context as the host's root user.
docker run --rm alpine id
This has the side effect that if files owned by the root user are accessible from the container, they can be modified by the running container.
The following commands demonstrate the risk of running containers as the root user.
First, create a copy of the touch command on our host.
sudo cp /bin/touch /bin/touch.bak && ls -lha /bin/touch.bak
Because the container process is root both inside the container and on the host, the file can be removed through the mounted /bin directory.
docker run -it -v /bin/:/host/ alpine rm -f /host/touch.bak
As a result, the copied command no longer exists on the host.
ls -lha /bin/touch.bak
In this case, the container was able to delete the copy of the touch binary from the host's /bin directory.
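To confirm on a host whether a container's root is really the host's root, the following is an added example (not part of the original scenario) that reads the kernel's /proc/<pid>/uid_map for a container process. The function names and the sample map values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find which host UID a container UID maps to.
# Each uid_map line has the form: <uid-inside> <uid-on-host> <range-length>

# Constructed sample uid_map contents (not captured from a real host).
SAMPLE_DEFAULT='         0          0 4294967295'   # no user namespace remap
SAMPLE_REMAPPED='         0     100000      65536'  # root remapped to 100000

# host_uid_for CONTAINER_UID   (uid_map contents on stdin)
# Prints the host UID, or "unmapped" if no range covers CONTAINER_UID.
host_uid_for() {
    awk -v want="$1" '
        NF == 3 && want >= $1 && want < $1 + $3 {
            print $2 + (want - $1); found = 1; exit
        }
        END { if (!found) print "unmapped" }
    '
}

# root_is_remapped   (uid_map contents on stdin)
# Succeeds only when container UID 0 is not host UID 0.
root_is_remapped() {
    [ "$(host_uid_for 0)" != "0" ]
}

# check_container NAME
# Looks up the main process of a running container and reports the mapping.
# Requires Docker on the host; returns 0 if root is remapped, 1 if not.
check_container() {
    pid=$(docker inspect --format '{{.State.Pid}}' "$1") || return 2
    uid=$(host_uid_for 0 < "/proc/$pid/uid_map") || return 2
    echo "container root -> host UID $uid"
    [ "$uid" != "0" ]
}

# Demonstration on the constructed samples above.
echo "default:  container root -> host UID $(printf '%s\n' "$SAMPLE_DEFAULT" | host_uid_for 0)"
echo "remapped: container root -> host UID $(printf '%s\n' "$SAMPLE_REMAPPED" | host_uid_for 0)"
```

On a Docker host, check_container with the name of a running container reports the mapping for that container; a result of host UID 0 corresponds to the behaviour shown in this step.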