
I assume you mean container, not VM. But yes, a container makes it harder.


Worth adding also that you can only use these vectors to corrupt the page cache for files reachable in your mount namespace.

Usually with containers, almost nothing is shared with the host namespaces (though likely shared with other container namespaces, hopefully none of those are --priv).



