Exploit the fact that Docker runs as root to create a SUID binary on the host using a container. This requires the user to be privileged enough to run docker, i.e., being in the `docker` group.
This creates a SUID shell in the guest file system. Any other Linux images should work, e.g., `debian`.