Podman rootless containers and the Copy Fail exploit
CVE-2026-31431 (copy.fail, disclosed April 29) lets a local unprivileged user obtain a root shell via a Python script, but Podman's rootless model sharply limits the blast radius: root inside the container is still an unprivileged account on the host.
What Matters
- Copy Fail yields root inside a rootless Podman container, but that root maps to host UID 1001 (the unprivileged runner account), not to real host root.
- Podman's fork/exec model makes each container a child of the user's own process; Docker's rootful daemon spawns containers as host root by default.
- The user namespace maps container UID 0 → host UID 1001, and container UID 33 (www-data) → host UID 165568, a subordinate UID from the runner's /etc/subuid range, so the kernel's ordinary UID checks still apply to anything the container touches on the host.
- Each UNIX user gets its own user namespace; Docker supports only a single shared remapped namespace (userns-remap) and requires explicit opt-in configuration.
- Default capability set for container root includes CHOWN, DAC_OVERRIDE, SETUID and SYS_CHROOT; dropping all of them with --cap-drop=all breaks apt during image build.
- Defence-in-depth mitigations: read-only images, resource constraints, dropping capabilities, limiting available binaries, and network firewalling.
- [HN: @raesene9] The article focuses on the sample exploit (overwriting su) rather than the general primitive: arbitrary overwrite of files the user should only read.
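The UID mapping behind the first four points, as an added example (not code from the article, from Podman, or from the commenter): a POSIX shell function that translates container UIDs to host UIDs the way the kernel applies /proc/<pid>/uid_map. The rootless map is constructed to match the numbers above (runner = host UID 1001; the subordinate range is assumed to start at 165536 with 65536 entries, as an /etc/subuid entry of the form runner:165536:65536 would give), and a rootful map is included for contrast. The live_uid_map function shows how to print the real map on a host with Podman installed; it is defined but not run automatically.

```shell
#!/bin/sh
# Added example, not code from the article or from Podman itself.
# host_uid translates a container UID to a host UID the way the kernel reads
# /proc/<pid>/uid_map: each line is "<inside> <outside> <count>".

# Constructed rootless map matching the summary's numbers: the runner is host
# UID 1001 and (assumed) owns the subordinate range 165536..231071, i.e. an
# /etc/subuid entry of "runner:165536:65536".
ROOTLESS_MAP='0 1001 1
1 165536 65536'

# Rootful Docker/Podman: the container shares the host's identity space, so
# container UID 0 really is host root.
ROOTFUL_MAP='0 0 4294967295'

# host_uid CONTAINER_UID [MAP]
# Prints the host UID; prints the overflow UID 65534 and returns 1 when the
# container UID lies outside every mapped range (the kernel shows such owners
# as "nobody").
host_uid() {
    cuid=$1
    map=${2:-$ROOTLESS_MAP}
    result=
    while read -r inside outside count; do
        [ -z "$inside" ] && continue
        if [ "$cuid" -ge "$inside" ] && [ "$cuid" -lt $((inside + count)) ]; then
            result=$((outside + cuid - inside))
            break
        fi
    done <<EOF
$map
EOF
    if [ -z "$result" ]; then
        echo 65534
        return 1
    fi
    echo "$result"
}

# container_root_is_host_root MAP: succeeds only if container UID 0 maps to
# host UID 0, i.e. only if "root in the container" is really root on the host.
container_root_is_host_root() {
    [ "$(host_uid 0 "$1")" = 0 ]
}

# live_uid_map: prints the real map of the caller's rootless Podman user
# namespace on a host with Podman installed. Not run automatically here.
live_uid_map() {
    podman unshare cat /proc/self/uid_map
}

# Walk the summary's UIDs, plus the last mapped UID and the first unmapped one,
# under both maps.
for u in 0 33 65536 65537; do
    printf 'container uid %-6s -> rootless host uid %-7s rootful host uid %s\n' \
        "$u" "$(host_uid "$u")" "$(host_uid "$u" "$ROOTFUL_MAP")"
done
```

To check a real host, replace ROOTLESS_MAP with the output of live_uid_map; a map whose first line is 0 0 ... means an exploit that gives container root gives host root too. The capability set from the list above is a separate control from this mapping and is not modelled here.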