« Back to projectatomic.io
Ask Your Question

Does OS patching require container patching?

asked 2014-12-01 08:15:07 +0000

Saurabh gravatar image

Let us assume I have 100 containers running on 10 hosts all running Atomic and each of the container using Atomic as base image. Now, a vulnerability was detected in Atomic and needs to be patched. I assume we will update 10 hosts quite easily by running package manager update utility. How about 100 containers? Would they require to be rebuilt, reimaged, and then I kill my 100 containers (in say a rolling update) and restart them with the new image? Previously, we had a clean separation of app and platform worlds where each can be patched independently. But now, an OS patch (not Kernel patch) requires everything to be rebuilt and redeployed. Is this really necessary? What are the choices for resolving this? Thanks, AB

edit retag flag offensive close merge delete

6 answers

Sort by ยป oldest newest most voted

answered 2017-08-19 14:56:36 +0000

mawiya gravatar image

I love the script that enhances me to build more inner interest on me, Companies and organizations provide their employees a system to play with but it also increases their capacity of working accordingly, Affiliated with SEO service company in UAE which upgrade even the employee personality, I would like to contribute and hear more with admin.

edit flag offensive delete link more

answered 2017-08-17 06:03:48 +0000

I was able to find good information from your blog articles. Download Appvn

Wonderful post! We are linking to this great post on our website. Keep up the great writing. download jio4gvoice This is a very good tip particularly to those fresh to the cerberus app

edit flag offensive delete link more

answered 2017-08-03 03:51:40 +0000

nice my world

edit flag offensive delete link more

answered 2017-07-30 17:10:29 +0000

appvn download 3ds emulator download

edit flag offensive delete link more

answered 2017-07-10 20:37:20 +0000

Download TutuApp

Download Appvn

edit flag offensive delete link more

answered 2014-12-10 17:08:14 +0000

jzb gravatar image

Several questions here - let me try to hit them all.

Whether your containers require a rebuild depends on the vulnerability and whether it's in the containr as well as the host. Shellshocked (bash vuln) for example - if you were using Fedora containers and Fedora Atomic host - all would require an update.

Not sure I agree that the previous version was any cleaner - if you had an app running in a VM you still had to deal with the same rebuiild, etc. - you just had more overhead as well. If the app is running directly on the host, sure - you patch once.

As far as resolving.. not quite sure what you're asking there?

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

[hide preview]


Asked: 2014-12-01 08:15:07 +0000

Seen: 164 times

Last updated: Aug 19