A Time‑of‑check / Time‑of‑use (TOCTOU) race condition in Podman — tracked as CVE‑2023‑0778 — allows a low‑privilege user to replace a regular file in a container volume with a symlink during an export operation, potentially causing Podman to follow that symlink and expose arbitrary host files to...
A subtle mistake in how container runtimes set Linux process capabilities quietly opened a path to privilege escalation in early 2022: containers launched by some versions of Podman and Moby (the open-source project behind Docker Engine) were started with non-empty inheritable capabilities...
The container build toolchain that many organizations treat as a routine developer utility just produced a reminder: a single badly-validated path can break the isolation model that makes containers safe. In March 2024 Buildah (and downstream Podman Build) was assigned CVE-2024-1753 — a...
Podman’s kube play command contains a symlink traversal flaw that can let a malicious or compromised container cause Podman to overwrite arbitrary files on the host filesystem — a high‑severity integrity and availability risk that was fixed in Podman v5.6.1 but remains a critical operational...
Docker transformed the world of software development, empowering teams to encapsulate applications within containers—lightweight, portable, and consistent across environments. But in 2025, Docker is far from the exclusive gateway to container technology. As cloud-native practices, security...
For seasoned Windows users, the allure of constructing a tailored development environment is irresistible—especially in an age where applications, libraries, and containers sprawl unchecked, threatening the stability and cleanliness of one's daily driver system. This desire for isolation and...
Tags: containerization, developer workflow, development environment, hyper-v, hypervisor, isolation, nested virtualization, podman, proxmox, rdp, remote access, self-hosted lab, software development, virtual machine, virtualization, vmware, windows 11 vm, windows development, windows tools, wsl2
For years, the very notion of running Linux tools on Windows would evoke images of clunky virtual machines wheezing under the load of Type-2 hypervisors, all so an intrepid user could SSH into a server or play with Bash scripts over their morning coffee. This arrangement, while serviceable, felt...
Tags: ansible, automation, casaos, container management, containerization, docker, file synchronization, gaming, gigolo, linux tools, podman, remote file management, rsync, runtipi, system integration, terminal, visual studio code, windows, windows subsystem for linux, wsl2
Forget everything you thought you knew about managing containers on Windows, because there’s a new sheriff in Container Town, and its name is Podman Desktop. Once the preserve of Linux purists who liked their containers rootless and their daemons non-existent, Podman has burst through the...