Maciej will describe in details security considerations about various Linux containers projects (especially Docker, Podman/CRI-O/Kubernetes and systemd related).
You will understand what are the most non - secure ways of running Docker containers, and how to fix those, a drop - in replacement project for Docker (called Podman) that is already on the market and replacing Docker-engine in RedHat/Google Kubernetes project (Cri-o / Podman) Last, but not least - how not to use any Linux containers when all you need is just a simple separation of some resources over a Linux process (e.g. different storage view or specific users view or networking confinement).