In a recent email interview with me, Docker said that the Docker platform is the most secure container runtime available today (see chart below). Current versions of Docker (1.11 and later) support AppArmor, cryptographic image signing, end-to-end cryptographic signature validation, granular control through the use of cgroups, SELinux (mandatory access control), seccomp (syscall restrictions), and user namespaces (root in the container without privileges on the host).