Currently the docker run task allows the user to mount additional folders.
If a user mounts the host folder "/" he can then access the complete file structure of the build server with root permissions.
How can we enforce that only (sub-)folders of his workdirectory is accessible?