confinement of docker operations
For security purpose, the rails application should not have access to the docker socket.
Rationale: a compromission of the rails server gives full access (root) to the host machine, which allows the attacker to install any kind of rootkit and cover all traces of his intrusions.