🐳 Docker Intermediate

What is the principle of least privilege in Docker?

Why Interviewers Ask This

This question targets practical, hands-on experience with Docker. Interviewers want to see if you've worked with these concepts in real projects, not just read about them. Strong answers include concrete examples.

Answer

The principle of least privilege in Docker means giving containers only the capabilities and access they need — no more. Applied to Docker:

1. Non-root user: use USER in the Dockerfile; set runAsNonRoot: true in Kubernetes.
2. Read-only filesystem: docker run --read-only myapp. The container cannot write to its own filesystem (mount a tmpfs for /tmp if it needs scratch space).
3. Drop capabilities: Linux capabilities grant specific privileges. Docker grants ~14 by default. Drop them all and add back only what is needed: docker run --cap-drop ALL --cap-add NET_BIND_SERVICE myapp (NET_BIND_SERVICE lets the process bind to ports <1024 without root).
4. No privileged mode: never use --privileged unless absolutely necessary (it gives the container nearly all host capabilities).
5. No host namespaces: avoid --network host, --pid host and --ipc host unless necessary.
6. Minimal images: fewer packages = smaller attack surface.
7. seccomp profiles: restrict the system calls the container can make.
8. AppArmor/SELinux: mandatory access control profiles.
9. Immutable volumes: mount volumes read-only when the container only needs to read from them: -v data:/app/data:ro.
10. Limited resource access: set CPU and memory limits to prevent resource exhaustion.
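As an added example (not part of the original answer), a small Python audit that checks the rules above against the JSON that docker inspect emits for a container. The two inspect excerpts are constructed, and the allowed-capability list is an assumption for illustration:

```python
import json

# Constructed docker inspect excerpts (not captured from a real host); only the
# fields the audit reads are included, in the shapes `docker inspect` emits.
HARDENED = json.loads("""{
  "Config": {"User": "app"},
  "HostConfig": {"Privileged": false, "CapDrop": ["ALL"], "CapAdd": ["NET_BIND_SERVICE"],
    "NetworkMode": "bridge", "PidMode": "", "IpcMode": "private",
    "ReadonlyRootfs": true, "Memory": 268435456, "NanoCpus": 500000000,
    "SecurityOpt": null, "Binds": ["data:/app/data:ro"]}}""")
LAX = json.loads("""{
  "Config": {"User": ""},
  "HostConfig": {"Privileged": true, "CapDrop": null, "CapAdd": ["SYS_ADMIN"],
    "NetworkMode": "host", "PidMode": "host", "IpcMode": "host",
    "ReadonlyRootfs": false, "Memory": 0, "NanoCpus": 0,
    "SecurityOpt": ["seccomp=unconfined"], "Binds": ["data:/app/data"]}}""")

def audit_container(info, allowed_caps=("NET_BIND_SERVICE",)):
    """Return (code, advice) pairs for each least-privilege rule the container breaks.
    allowed_caps is an assumed per-workload allow list; adjust it to the service."""
    cfg, hc = info.get("Config", {}), info.get("HostConfig", {})
    f = []
    if (cfg.get("User") or "") in ("", "root", "0"):   # empty User means root
        f.append(("root-user", "add USER to the Dockerfile or pass --user"))
    if hc.get("Privileged"):
        f.append(("privileged", "drop --privileged; it hands over nearly all host capabilities"))
    if "ALL" not in (hc.get("CapDrop") or []):
        f.append(("default-caps", "use --cap-drop ALL and --cap-add only what is needed"))
    extra = [c for c in hc.get("CapAdd") or [] if c not in allowed_caps]
    if extra:
        f.append(("extra-caps", "capabilities outside the allow list: " + ", ".join(extra)))
    for key, flag in (("NetworkMode", "--network host"), ("PidMode", "--pid host"),
                      ("IpcMode", "--ipc host")):
        if hc.get(key) == "host":   # key[:-4] strips "Mode" -> host-network / host-pid / host-ipc
            f.append(("host-" + key[:-4].lower(), "avoid " + flag + "; it shares the host namespace"))
    if not hc.get("ReadonlyRootfs"):
        f.append(("writable-rootfs", "run with --read-only (plus --tmpfs /tmp if the app writes there)"))
    if not hc.get("Memory") or not hc.get("NanoCpus"):   # 0 means unlimited
        f.append(("no-limits", "set --memory and --cpus to prevent resource exhaustion"))
    for opt in hc.get("SecurityOpt") or []:
        if "unconfined" in opt:   # seccomp=unconfined / apparmor=unconfined
            f.append(("mac-disabled", opt + " turns off seccomp/AppArmor confinement"))
    for bind in hc.get("Binds") or []:   # "src:dst[:opts]"; no "ro" option means writable
        parts = bind.split(":")
        if len(parts) < 3 or "ro" not in parts[2].split(","):
            f.append(("writable-volume", parts[1] + " is writable; append :ro if reads suffice"))
    return f

if __name__ == "__main__":
    for name, info in (("hardened", HARDENED), ("lax", LAX)):
        print(name, "->", [code for code, _ in audit_container(info)])
```

Feed it real data with docker inspect <container> and json.load; the hardened excerpt yields no findings, the lax one trips every rule.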

Pro Tip

Demonstrate both theoretical understanding and practical experience. Say what it is, then give an example of how you actually used it in a Docker codebase.