I guess it's not even necessary to be able to access to the filesystem for a host machine. There are at-least two other malicious things you can hypethicaly do with just access to docker daemon api
Get all env variables from other docker containers
Pull/push and inspect a private docker images, which could include a source code or even credentials
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I guess it's not even necessary to be able to access to the filesystem for a host machine. There are at-least two other malicious things you can hypethicaly do with just access to docker daemon api