I looks like many projects are just using docker inside docker by installing docker into the image and sharing the docker socket. I suspect that this approach is safe enough for now. Some people even run a newer docker version in the container then on the host. Probably, there is some kind of hand shake between the docker daemon (host) and the docker binary (container) to find out the highest possible version of the protocol to be used.
I looks like many projects are just using docker inside docker by installing docker into the image and sharing the docker socket. I suspect that this approach is safe enough for now. Some people even run a newer docker version in the container then on the host. Probably, there is some kind of hand shake between the docker daemon (host) and the docker binary (container) to find out the highest possible version of the protocol to be used.