How to secure gitlab runner


In order to use the docker command to build, pull and push, I need to use docker in docker (dind).
But to enable dind I need to provide the docker socket, which will provide a lot of permissions, such as:

docker stop $(docker ps -a -q)
docker rm $(docker ps -a -q)

An article about docker security can be summed up with this strong statement:

Only trusted users should be allowed to control your Docker daemon

So if I provide the docker socket to the gitlab-runner, all users will be able to control the Docker daemon.
I didn't find a well-explained article on securing the gitlab-runner with dind enabled.

Similar topic:

Thanks for your insights
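
As an added example (not part of the original post and not GitLab's own code), the following script audits a GitLab Runner `config.toml` for the two settings behind the concern raised above: the host Docker socket mounted into job containers, and `privileged = true`, which dind requires. The sample config and runner names are constructed for illustration.

```python
# Audit a GitLab Runner config.toml for settings that expose the host Docker daemon to CI jobs.
try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:
    import tomli as tomllib  # backport for older interpreters

DOCKER_SOCKET = "/var/run/docker.sock"

# Constructed sample config (runner names are made up).
SAMPLE_CONFIG = """
[[runners]]
  name = "shared-socket"
  [runners.docker]
    privileged = false
    volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]

[[runners]]
  name = "shared-dind"
  [runners.docker]
    privileged = true
    volumes = ["/cache"]

[[runners]]
  name = "plain"
  [runners.docker]
    privileged = false
    volumes = ["/cache", "/srv/data:/data:ro"]
"""

def audit(config_text):
    """Return {runner name: [findings]} for runners that expose the daemon or host."""
    findings = {}
    for runner in tomllib.loads(config_text).get("runners", []):
        docker = runner.get("docker", {})
        issues = []
        for vol in docker.get("volumes", []):
            # Format is "host:container[:mode]"; a lone path is not a host mount.
            parts = vol.split(":")
            if len(parts) >= 2 and parts[0].rstrip("/") == DOCKER_SOCKET:
                issues.append("host docker socket mounted into jobs")
        if docker.get("privileged", False):
            issues.append("privileged containers enabled")
        if issues:
            findings[runner.get("name", "<unnamed>")] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_CONFIG).items():
        print(f"{name}: {'; '.join(issues)}")
```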