You may be thinking of the lack of user namespacing in Docker. Until v1.10 root in a container was the same user as root outside the container.

This did not automatically lead to allow a contained user to breakout, but made it easier.

In 1.10 user namespacing reduces this risk as the root user in a container can be remapped to another user account outside the container.