Docker security
From Do you speak Drupalish? Featured Drupal wiki-like documentation
Benefits
- When you combine a minimal operating system like CoreOS with SELinux and the scratch image, you remove unnecessary pieces of technology that could be exploited. Source: http://www.informationweek.com/cloud/infrastructure-as-a-service/how-docker-changes-cloud-security/a/d-id/1316793
Don't
privileged
- When the operator executes docker run --privileged, Docker enables access to all devices on the host and sets some configuration in AppArmor or SELinux to allow the container nearly all the same access to the host as processes running outside containers on the host. Additional information about running with --privileged is available at https://docs.docker.com/engine/reference/run/
- In this case, you don't have iptables, but you don't need it: all of the container's exposed ports can be managed via the firewall of the host machine.
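To find containers that were started with --privileged or with AppArmor/SELinux confinement switched off, the output of docker inspect can be audited. The script below is an added example, not part of the original page; the container names and the sample JSON are constructed, and only the HostConfig fields Privileged, SecurityOpt and Devices are read.

```python
import json

# Constructed sample of `docker inspect` output, trimmed to the fields used here.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web",
     "HostConfig": {"Privileged": False, "Devices": [], "SecurityOpt": None}},
    {"Name": "/builder",
     "HostConfig": {"Privileged": True, "Devices": [],
                    "SecurityOpt": ["label=disable"]}},
    {"Name": "/vpn",
     "HostConfig": {"Privileged": False,
                    "Devices": [{"PathOnHost": "/dev/net/tun",
                                 "PathInContainer": "/dev/net/tun",
                                 "CgroupPermissions": "rwm"}],
                    "SecurityOpt": ["apparmor=unconfined"]}},
])

# --security-opt values that disable AppArmor or SELinux confinement.
# Both the "=" form and the older ":" form are accepted.
UNCONFINED = {"apparmor=unconfined", "apparmor:unconfined",
              "label=disable", "label:disable"}


def audit(inspect_json):
    """Return {container_name: [findings]} for containers with weakened isolation."""
    report = {}
    for container in json.loads(inspect_json):
        host_config = container.get("HostConfig") or {}
        findings = []
        if host_config.get("Privileged"):
            findings.append("privileged")
        # SecurityOpt and Devices may be null in the JSON, hence "or []".
        for opt in host_config.get("SecurityOpt") or []:
            if opt.lower() in UNCONFINED:
                findings.append("security-opt " + opt)
        for dev in host_config.get("Devices") or []:
            findings.append("device " + dev.get("PathOnHost", "?"))
        if findings:
            report[container.get("Name", "?").lstrip("/")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name + ": " + ", ".join(findings))
```

On a live host, pass the output of `docker inspect $(docker ps -q)` to audit() instead of the sample.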