The issue preventing this from just working is caused by selinux.
To disable this, either use the --security-opt label=disable or specify the following in compose files:
runner:
image: drone/drone-runner-docker:1
security_opt:
- label:disable