Podman/Linux has an API with a permission system and we still got Copy Fail: https://garrido.io/notes/podman-rootless-containers-copy-fai...
Security and authorization are just hard, and at one point, if you are designing a platform, you have to ask yourself if it's worth the risk for the sake of flexibility. To plan for a perfectly safe system is a hopeless proposition.