The Docker container also needs to be run in privileged mode, so you should probably treat this as if it were an emulator running root. It does work around dependencies on VT-x and such, though, and cuts down on the performance overhead of virtualising an extra kernel.