Using Docker as a container engine with default configuration (pretty much the default way of using icedragon for now) results in ownership issues, where new files created in a bind mounted volume with source code end up being owned by root.

That issue goes away after performing UID/GID mapping, where we map the local user (from the host system) to root inside container. That's done by default in rootless containers.

One option to solve that would be enforcing users to use rootless Docker or Podman, but that would be annoying for users.

So the ultimate option is to drop the dependency on Docker and Podman all together and use youki's libcontainer as a library directly.