The runner that is installed via GitLab managed apps defaults to `privileged`. (I presume this is necessary because many scripts use docker-in-docker, include Auto DevOps) We might need several aspects here: - [ ] Use Kaniko to [build Docker images](https://gitlab.com/gitlab-org/gitlab-ce/issues/50313) for Auto Devops, as Kaniko does not need privileged. (NB: Other Auto Devops stages may still need Docker) - [x] Remove Dind in security products https://gitlab.com/groups/gitlab-org/-/epics/971 - [ ] Default installed runner to not `privileged` - [ ] Allow user to configure runner app ## Links * Discussion about how `privileged` allows access : https://gitlab.com/gitlab-org/gitlab-ce/issues/49056#note_122217505