Signatory container runs as root user

[stephengaudet]

Although it can seem like root inside the container is an independent user, it’s actually the same as the root account on your host. Separation’s only provided by Docker’s container isolation mechanisms. There’s no strong physical boundary; your container’s another process run by the root user on your host’s kernel. This means a vulnerability in your application, the Docker runtime, or the Linux kernel could allow attackers to break out of the container and perform root-privileged operations on your machine.