Found out there's a rootless way of running Docker, but we're missing uidmap and maybe iptables.
https://docs.docker.com/engine/security/rootless/
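
A way to confirm which of those prerequisites a host actually lacks before attempting the rootless setup, as an added example that is not part of the original note. The function names are hypothetical; the 65,536 subordinate-ID minimum is the figure the linked Docker documentation gives, and the extra `/usr/sbin:/sbin` lookup is an assumption about where `iptables` lives for non-root users.

```bash
#!/usr/bin/env bash
# Added example: report missing rootless-Docker prerequisites on this host.

# Sum the subordinate IDs granted to a user in an /etc/subuid-style file
# (one "name:start:count" entry per line; a user may have several entries).
subid_count() {
    local user=$1 file=$2
    [ -r "$file" ] || { echo 0; return 0; }
    awk -F: -v u="$user" '$1 == u { n += $3 } END { print n + 0 }' "$file"
}

# Succeeds if a tool is on PATH or in the sbin directories, which are
# often absent from an unprivileged user's PATH.
have_tool() {
    ( PATH="$PATH:/usr/sbin:/sbin"; command -v "$1" ) >/dev/null 2>&1
}

# Print one line per gap; return 1 if anything is missing.
rootless_prereq_report() {
    local user=$1 subuid=$2 subgid=$3 missing=0 tool f n
    # newuidmap/newgidmap ship in the uidmap package on Debian/Ubuntu.
    for tool in newuidmap newgidmap iptables; do
        if ! have_tool "$tool"; then
            echo "missing: $tool"
            missing=1
        fi
    done
    for f in "$subuid" "$subgid"; do
        n=$(subid_count "$user" "$f")
        if [ "$n" -lt 65536 ]; then
            echo "insufficient: $f grants $user $n subordinate IDs (need >= 65536)"
            missing=1
        fi
    done
    return "$missing"
}

# Check the current user against the real system files.
rootless_prereq_report "$(id -un)" /etc/subuid /etc/subgid || true
```

Run it as the unprivileged user that will own the rootless daemon, since the subordinate ID ranges are per user.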