In the ideal world, it would be possible to have separate white lists for docker registry depending on the security requirement for each type of docker images:
1. Registries from which we can run non-privileged containers without mounts
2. Registries from which we can run non-privileged containers with mounts
3. Registries from which we can run privileged or non-privileged containers with mounts
In the current implementation, there are only type 1 and type 2 or 3. It would be nice to definite a separate white list to differentiate between 2 and 3.