As part of Red Hat's SDLC we should check and limit CO to run its containers with the least privilege possible.

When possible don't run the containers with root user.
At least don't use privileged mode and only grant the minimal set of required capabilities.