> Most production web sites today are exploitable because of this.

How so? To exploit this, you need to already have RCE on a container. But generally you get that RCE by exploiting the site (the application code) in the first place.

In which scenario does an attacker have code execution privileges in a container, but needs this root privilege to exploit the site?