The user tested the Copy Fail exploit on a rootless container running with Podman and found that it can be used to obtain a root shell, but the blast radius is limited due to user namespaces and Linux capabilities. The user demonstrated various ways to limit the exposure of a compromised container, including dropping capabilities, disabling new privileges, and using a read-only root ...
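A way to verify that the three mitigations named above are actually in effect on a container, as an added example that is not part of the original write-up. It assumes the container was started with Podman's `--cap-drop=ALL`, `--security-opt no-new-privileges` and `--read-only` options, and that `podman inspect` reports them in the `EffectiveCaps`, `BoundingCaps`, `HostConfig.SecurityOpt` and `HostConfig.ReadonlyRootfs` fields; the sample JSON and container names are constructed.

```python
import json

# Constructed sample shaped like `podman inspect <container>` output.
# Field names are an assumption about your Podman version's inspect layout.
SAMPLE_INSPECT = json.loads("""
[{"Name": "hardened-demo", "EffectiveCaps": [], "BoundingCaps": null,
  "HostConfig": {"SecurityOpt": ["no-new-privileges"], "ReadonlyRootfs": true}},
 {"Name": "default-demo",
  "EffectiveCaps": ["CAP_CHOWN", "CAP_SETUID", "CAP_SETGID"],
  "BoundingCaps": ["CAP_CHOWN", "CAP_SETUID", "CAP_SETGID"],
  "HostConfig": {"SecurityOpt": [], "ReadonlyRootfs": false}}]
""")


def nnp_enabled(opts):
    """True if no-new-privileges is set (bare, ':true' or '=true' forms)."""
    for opt in opts:
        name, _, value = opt.replace("=", ":").partition(":")
        if name == "no-new-privileges" and value in ("", "true"):
            return True
    return False


def audit_container(entry):
    """Return findings for one inspect entry; an empty list means all three controls are on."""
    findings = []
    host = entry.get("HostConfig") or {}
    # A missing capability field is treated as unknown, not as "no capabilities".
    if "EffectiveCaps" not in entry or "BoundingCaps" not in entry:
        findings.append("capability sets not reported")
    else:
        caps = set(entry["EffectiveCaps"] or []) | set(entry["BoundingCaps"] or [])
        if caps:
            findings.append("capabilities retained: " + ", ".join(sorted(caps)))
    if not nnp_enabled(host.get("SecurityOpt") or []):
        findings.append("no-new-privileges not set")
    if host.get("ReadonlyRootfs") is not True:
        findings.append("root filesystem is writable")
    return findings


if __name__ == "__main__":
    for container in SAMPLE_INSPECT:
        issues = audit_container(container)
        print(container.get("Name", "?"), "OK" if not issues else "; ".join(issues))
```

To audit a live container, replace the constructed sample with the parsed output of `podman inspect <name>`.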