The OpenShift documentation reads:
To further protect RHCOS systems in OpenShift Container Platform clusters, most containers, except those managing or monitoring the host system itself, should run as a non-root user. Dropping the privilege level or creating containers with the least amount of privileges possible is recommended best practice for protecting your own OpenShift Container Platform clusters.
The container in question is going to run as a read-only, non-privileged container on the CRI-O runtime, with UID remapping, SELinux, and a seccomp profile.
I'm wondering at this stage whether running the containers as a non-root user is a cargo cult throwback from the days of the Docker daemon running as root.
If the container is already running with all those constraints, is there any conceivable point in running as a non-root user?