[freedomben]

Thanks for the link. I tried the copyfail PoC in rootless podman yesterday and it didn't work, but I hadn't dug into it yet. This is great info.

[raesene9]

I've had claude knock up a basic podman PoC, that seems to work ok https://github.com/raesene/vuln_pocs/tree/main/CVE-2026-3143... . It just uses a read-only mount and then demonstrates overwriting that read-only file.

Key point for testing exploitability is kernel version, package versions (in case they ship a patch) and loaded kernel modules. Some stripped down environments don't have the relevant modules available.