User privilege system for docker that controls container and volume
creation. It enables the administrator to exercise control over the
containers that users are allowed to create and decide whether to permit
creation of privileged containers, what parts of the host file system
can be visible to containers via bind or volume mechanism, what memory
limits to apply, etc.

User privileges are kept in LDAP.