@titan2189, in a rootless Podman environment, the User Namespace acts as a constant translator between the container and the underlying host. Let's say you re-run the exploit, setuid(0) is run, kernel responds with a 0 (success) return code, you'd still be "trapped" inside the user namespace, which in turn maps your (root) user to an unprivileged user.