Containers are created with non-empty inheritable Linux process capabilities, permitting programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2).
This bug does not affect the container security sandbox, as the inheritable set never contains more capabilities than are included in the container's bounding set.