https://docs.docker.com/engine/reference/run/#/runtime-privilege-and-linux-capabilities
docker run --security-opt apparmor=unconfined --cap-add=SYS_ADMIN --device=/dev/fuse [...]