Hacker NewsCVE-2026-31431: Copy Fail vs. rootless containers
https://www.dragonsreach.it/2026/05/04/cve-2026-31431-copy-fail-rootless-containers/
#HackerNews #CVE202631431 #CopyFail #rootlessContainers #cybersecurity #containersecurity
Jarno 
@ikkeT Migrated one machine, running this gotosocial instane among others, back from k3s to Podman. Looks like during the k3s exodus Podman vas updated to v5 with Pasta rootless networking on EL9.
Decided to try NGINX in a rootless pod instead of on the host like before. That was a difficult ride... The only way I could figure out how to have IPv6 and have real src IPs (in the NGINX pod):
- NGINX in the host network ns
- A separate IPv6-enabled container network for app pods
- All app pods still expose ports on the host
- NGINX proxy_pass to "localhost:port"
Any idea if the host ports for app pods could be avoided? It was late, so I may have missed something obvious.
#podman #pods #passt #rootlesscontainers #rootless
Decided to try NGINX in a rootless pod instead of on the host like before. That was a difficult ride... The only way I could figure out how to have IPv6 and have real src IPs (in the NGINX pod):
- NGINX in the host network ns
- A separate IPv6-enabled container network for app pods
- All app pods still expose ports on the host
- NGINX proxy_pass to "localhost:port"
Any idea if the host ports for app pods could be avoided? It was late, so I may have missed something obvious.
#podman #pods #passt #rootlesscontainers #rootless
Tom's IT Cafe🛡️ Building a Segmented, Secure Multi-Container Application with Podman #Podman #RootlessContainers #ContainerSecurity #DevSecOps #ZeroTrust #LinuxSecurity #NGINX #MariaDB #Passbolt #CyberSecurity #SegmentAndSecure #DeadSwitch #TheCyberGhost #SilentOps #InfrastructureHardening
🛡️ Use Podman. Model your application. Segment. Contain. Secure. #Podman #ContainerSecurity #RootlessContainers #LinuxHardening #SecureByDesign #DevSecOps #CyberSecurity #ZeroTrust #DeadSwitch #TheCyberGhost #InfrastructureSecurity #SilentOps #SegmentAndSecure
