A subtle mistake in how container runtimes set Linux process capabilities quietly opened a path to privilege escalation in early 2022: containers launched by some versions of Podman and Moby (the open-source project behind Docker Engine) were started with non-empty inheritable capabilities...
