For my reproducibility work I have recently been introduced to the Singularity containerisation workflow, which has some key differences from Docker, especially regarding the permissions that processes run at.

You can find the post on the SoHPC website.