Suppose I have NodeJS application inside of Docker container. NodeJS can interact with host's filesystem using
The solution you want to use is to mount a volume on the container using the -v option.
docker run -v /path/to/directory/on/your/host:/path/to/directory/on/your/container image CMD
It will let you access your volume.
More info : https://docs.docker.com/userguide/dockervolumes/
If you want to restrict access to other part of your container you should use Apparmor from outside the container.