If you want users to fiddle inside your container, for example as development environments, you basically need to give them right to execute arbitrary code.
That historically has never been acceptable for big corps, because they like to cover their backs and it's too risky on docker.
Well you can by restricting Sudo rights and vetting software beforehand, but it's really really annoying. It creates an infinite loop of users asking you to enable new software. It's just easier to give the user sudo rights and let they solve their own problems.
Thanks to your hypervisor, and the fact that this kind of user-isolation is your responsibility, your service allow such applications to run now on docker, not only on VMs. With all the advantages of docker (easier to build, quick, easy to maintain)...
Examples of this:
* Jupyter http://jupyter.org/
* Demo environments for code frameworks
* Demo tenants for multi-tenants apps