--user=[ user | user:group | uid | uid:gid | user:gid | uid:group ]
-c, --cpu-shares=0 CPU shares (relative weight)
--dns=[] : Set custom dns servers for the container
--network="bridge" : Connect a container to a network
'bridge': create a network stack on the default Docker bridge
'container:<name|id>': reuse another container's network stack
'host': use the Docker host network stack
'<network-name>|<network-id>': connect to a user-defined network
--network-alias=[] : Add network-scoped alias for the container
--add-host="" : Add a line to /etc/hosts (host:IP)
--mac-address="" : Sets the container's Ethernet device's MAC address
--ip="" : Sets the container's Ethernet device's IPv4 address
--link-local-ip=[] : Sets one or more container's Ethernet device's link local IPv4/IPv6 addresses
--read-only :prohibiting writes to locations other than the specified volumes
`--entrypoint` will clear out `CMD`
echo test | docker run --rm -i alpine cat
docker run --security-opt seccomp:unconfined # may fix chromium start error