docker run -it --rm -u yap ubuntu /bin/bash # run as non-root user
docker run -it --rm --security-opt=no-new-privileges ubuntu /bin/bash
docker run -it --rm --cap-drop all --cap-add NET_ADMIN ubuntu /bin/bash
docker run -it --rm --read-only --tmpfs /opt ubuntu /bin/bash
docker network ls # bridge is the default mode
docker network inspect bridge # get subnet range
docker network create --driver bridge -o "com.docker.network.bridge.enable.icc"="false" test # create custom network that disable intercommunication between containers
docker run -it --rm --network test ubuntu /bin/bash