The host and the Docker container use the same kernel, so applying the security patch to the host should be enough, right?

Example: the CVE-2021-33909 vulnerability: https://ubuntu.com/security/CVE-2021-33909. On Ubuntu, running apt-get update && apt-get dist-upgrade && reboot on the host is enough?

4
  • 1
    Are you running those commands in a container or on the host? If it installed a new kernel, did you reboot? Commented Aug 9, 2021 at 22:15
  • On the host, and yes for the reboot, I'll clarify that. Commented Aug 9, 2021 at 22:19
  • 1
    If, after the reboot, a uname -r shows the new kernel version, then you're running the updated kernel. Since the host and containers share the same kernel, that applies to the containers too. Commented Aug 9, 2021 at 22:22
  • I tried and yes, the kernel versions for the host and container are in sync, before and after updating the host. Thank you! Commented Aug 9, 2021 at 23:40

1 Answer

1

Containers share the same kernel as the host, so if you successfully update the kernel on the host and reboot into that kernel, both the host and the containers will use the new kernel. You won't have to explicitly update anything within any container.
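
One way to check what the answer describes, as an added example that is not part of the original post: it reports whether the host has booted the newest kernel image installed under /boot and whether a container sees the same release. The function names are hypothetical; it assumes Ubuntu-style /boot/vmlinuz-<release> images, GNU sort -V, and a docker CLI with an alpine image available.

```sh
#!/bin/sh
# Added example (hypothetical helper names), not code from the original post.

# Print the highest kernel release that has a vmlinuz-<release> image in DIR.
# The bare "vmlinuz" and "vmlinuz.old" symlinks do not match the glob.
# Assumption: a single kernel flavour is installed, so the highest version
# is also the one the bootloader selects by default.
newest_installed() {
    dir=${1:-/boot}
    for f in "$dir"/vmlinuz-*; do
        [ -e "$f" ] || continue          # glob matched nothing
        basename "$f" | sed 's/^vmlinuz-//'
    done | sort -V | tail -n 1           # version sort, not lexical
}

# kernel_status RUNNING NEWEST [CONTAINER]
# Prints one of: ok, reboot-needed, container-mismatch, unknown.
kernel_status() {
    running=$1
    newest=$2
    container=${3:-}
    if [ -z "$newest" ]; then
        echo "unknown"; return 2
    fi
    if [ "$running" != "$newest" ]; then
        # Patched package installed, but the old kernel is still running.
        echo "reboot-needed"; return 1
    fi
    if [ -n "$container" ] && [ "$container" != "$running" ]; then
        # The container is not on this host's kernel (e.g. a VM-backed runtime).
        echo "container-mismatch"; return 1
    fi
    echo "ok"
}

main() {
    host=$(uname -r)
    # An empty result (docker missing or failing) skips the container check.
    in_container=$(docker run --rm alpine uname -r 2>/dev/null || true)
    kernel_status "$host" "$(newest_installed /boot)" "$in_container"
}

# Run the live check only when asked, e.g.: sh check-kernel.sh --check
if [ "${1:-}" = "--check" ]; then
    main
fi
```

A result of "ok" only says the newest installed image is running; whether that release contains the fix for a given CVE still has to be read from the distribution's advisory.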
