(Updated based on discussion in the JIRA)
There are scenarios where privileged containers are necessary in order to run certain kinds of applications (one example is trying to run postgresql/oracle inside containers). However, given the security implications, we should ensure that:
1) privileged containers are disabled by default
2) if enabled, only a whitelisted set of users should be allowed to launch such containers and
3) not all containers launched by whitelisted users need to be privileged containers: whitelisted users need to explicitly request that a privileged container be launched.
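The three requirements above, modelled as an admission check (an added example, not code from the YARN project; the property names `privileged-containers.allowed` / `privileged-containers.acl` and the fail-closed choice of rejecting, rather than downgrading, a privileged request that fails a check are assumptions made here):

```python
from dataclasses import dataclass

# Constructed property names that model the three requirements; they are not
# a specific cluster manager's configuration keys.
ALLOWED_KEY = "privileged-containers.allowed"
ACL_KEY = "privileged-containers.acl"

@dataclass(frozen=True)
class PrivilegedPolicy:
    allowed: bool     # requirement 1: must default to False
    acl: frozenset    # requirement 2: users permitted to launch privileged containers

def load_policy(props):
    """Build the policy from a flat property map, applying secure defaults:
    a missing 'allowed' is False, a missing or empty ACL permits nobody."""
    allowed = props.get(ALLOWED_KEY, "false").strip().lower() == "true"
    acl = frozenset(u.strip() for u in props.get(ACL_KEY, "").split(",") if u.strip())
    return PrivilegedPolicy(allowed=allowed, acl=acl)

def decide(policy, user, requested_privileged):
    """Return (outcome, reason); outcome is 'privileged', 'unprivileged' or 'reject'.
    A request that explicitly asks for privilege and fails a check is rejected
    rather than silently downgraded, so the submitter never gets a surprise."""
    if not requested_privileged:
        # requirement 3: whitelisted users still get ordinary containers unless they opt in
        return "unprivileged", "privilege not requested"
    if not policy.allowed:
        return "reject", "privileged containers are disabled on this node"
    if user not in policy.acl:
        return "reject", f"user {user!r} is not on the privileged-container ACL"
    return "privileged", "explicit request by a whitelisted user, feature enabled"

if __name__ == "__main__":
    default_policy = load_policy({})  # nothing configured: privileged stays off
    enabled_policy = load_policy({ALLOWED_KEY: "true", ACL_KEY: "dba, oracle"})
    for pol, user, req in [(default_policy, "dba", True),
                           (enabled_policy, "alice", True),
                           (enabled_policy, "dba", False),
                           (enabled_policy, "dba", True)]:
        print(f"allowed={pol.allowed} user={user} requested={req} -> {decide(pol, user, req)}")
```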