FYI: I had tried this exploit with rootless podman containers to write to read-only mounts, but the exploit failed. I am not sure if the default container runtime in Podman is resistant against these attacks or if it assumes Docker running containers with higher privileges, but at least it was a pleasant observation. (kernel 6.18)
Are you not using OverlayFS? The exploit vector here relies on OverlayFS. What you want to reason about generally is (a) whether you have AF_ALG sockets exposed and (b) whether attackers have access to files (via inode) whose cached contents will affect other processes.
