I would of though that if you want to restrict developer from doing that you would add commands to the sudoes file? isn't that the whole point of sudo?

Correct me if I'm wrong, I'm interested to know? I'm currently looking into docker and the advantages it brings to deployment instead of using a VM.