Podman rootless containers and the Copy Fail exploit
Summary
An in-depth look at CVE-2026-31431 Copy Fail and how it affects Podman rootless containers. The piece demonstrates how rootless configurations can still be exploited to gain container-level root, discusses how Linux capabilities and user namespaces shape risk, and offers defense-in-depth strategies such as dropping capabilities, no-new-privileges, read-only images, and proper resource and mount controls to limit blast radius.
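As an added illustration (not code from the article), the mitigations listed above can be checked against a container's configuration. The JSON below is constructed sample data, not captured output. The container names are hypothetical, and the field names assume the Docker-compatible layout that `podman inspect` reports, so verify them against your Podman version.

```python
import json

# Constructed sample shaped like `podman inspect` output (assumed field names).
SAMPLE = json.loads("""
[
 {"Name": "web-default",
  "EffectiveCaps": ["CAP_CHOWN", "CAP_SETUID", "CAP_NET_BIND_SERVICE"],
  "Mounts": [{"Destination": "/data", "RW": true}],
  "HostConfig": {"SecurityOpt": [], "ReadonlyRootfs": false,
                 "Memory": 0, "PidsLimit": 2048}},
 {"Name": "web-hardened",
  "EffectiveCaps": [],
  "Mounts": [{"Destination": "/data", "RW": false}],
  "HostConfig": {"SecurityOpt": ["no-new-privileges"], "ReadonlyRootfs": true,
                 "Memory": 268435456, "PidsLimit": 128}}
]
""")

NNP_VALUES = {"no-new-privileges", "no-new-privileges:true", "no-new-privileges=true"}

def audit(container):
    """Return findings for each mitigation from the summary that is missing."""
    host = container.get("HostConfig") or {}
    findings = []
    caps = container.get("EffectiveCaps") or []
    if caps:  # dropping capabilities
        findings.append("capabilities retained: " + ", ".join(sorted(caps)))
    if not NNP_VALUES & set(host.get("SecurityOpt") or []):
        findings.append("no-new-privileges not set")
    if not host.get("ReadonlyRootfs"):  # read-only root filesystem
        findings.append("root filesystem is writable")
    if not host.get("Memory"):  # resource controls
        findings.append("no memory limit")
    if (host.get("PidsLimit") or 0) <= 0:
        findings.append("no pids limit")
    for mount in container.get("Mounts") or []:  # mount controls
        if mount.get("RW"):
            findings.append("writable mount: " + mount.get("Destination", "?"))
    return findings

def audit_all(containers):
    """Map container name to its list of findings (empty list means none)."""
    return {c.get("Name", "?"): audit(c) for c in containers}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```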