-1

I am fairly new to running Docker and have a question about updating Java. Do I need to completely rebuild the container if we need to update the Java version? Our Nessus scans are flagging the Java version by scanning the docker/overlay2 folder on the host.

Thanks!!

I have not tried anything yet, too afraid to destroy the server.

Eddie
  • 3
    Yes, build a new version of the image. Any changes to the container are lost when stopping/spawning the container. – Jeppe Oct 27 '22 at 19:42
  • 1
    Generally speaking, you want your containers (and really any artifact that you use to run your software) to be built by some automated process in a CI server only. That way "trying" anything should not be a big risk, as each build is reproducible. – Joachim Sauer Oct 27 '22 at 20:00

1 Answer

0

There are several ways. The chosen way may depend on what you want to get in the final result.

  1. Change the base image to use the needed Java version and build your new image with the updated Java version. You can find Java images here: https://hub.docker.com/_/openjdk/tags

  2. Change your Dockerfile: add commands to install/upgrade the Java version. Then build your new image.

  3. Upgrade the Java version inside your container, and then use docker commit to save your changes to a new image: https://docs.docker.com/engine/reference/commandline/commit/

BaDos
  • 2
    #1 is really the only sane option in the long run. #2 *might* be sane, if Java is not the only thing you do in the container, but then you're *probably* doing containers wrong, #3 is an absolute last choice that you want to avoid if at all possible. Containers are cattle, not pets. You should have an automated process in place to produce them, and thus also upgrade the base image. – Joachim Sauer Oct 27 '22 at 19:59
  • @JoachimSauer absolutely! I totally agree with you. – BaDos Oct 27 '22 at 20:48
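
An added example (not part of the answer or comments above) of option 1 as a repeatable script: rebuild on a newer base image, check the Java version inside the new image before deploying, then remove the old image so its layers no longer sit in docker/overlay2 for the scanner to find. The container/image name, the `BASE_IMAGE` build argument and the `main` arguments are assumptions for illustration.

```shell
#!/bin/sh
# Added example. Assumes a Dockerfile that starts with
#   ARG BASE_IMAGE
#   FROM ${BASE_IMAGE}
# and a container named the same as its image (both hypothetical).

# Read `java -version` output on stdin and print the major version.
# Legacy "1.8.0_342" -> 8; current "17.0.5" -> 17; "19-ea" -> 19.
java_major() {
    sed -n 's/.*version "\([0-9][0-9._]*\).*/\1/p' | head -n 1 |
        awk -F'[._]' '{ if ($1 == 1) print $2; else print $1 }'
}

# Succeed only if the Java inside image $1 has major version >= $2.
# `java -version` writes to stderr, hence 2>&1.
image_java_ok() {
    major=$(docker run --rm --entrypoint java "$1" -version 2>&1 | java_major)
    [ -n "$major" ] && [ "$major" -ge "$2" ]
}

# usage: main NAME NEW_TAG BASE_IMAGE MIN_JAVA_MAJOR
main() {
    name=$1; tag=$2; base=$3; min=$4
    # Image ID the current container was created from (empty if none).
    old_id=$(docker container inspect --format '{{.Image}}' "$name" 2>/dev/null || true)
    docker build --pull --build-arg BASE_IMAGE="$base" -t "$name:$tag" . || return 1
    if ! image_java_ok "$name:$tag" "$min"; then
        echo "new image still has Java older than $min; not deploying" >&2
        return 1
    fi
    docker rm -f "$name" 2>/dev/null || true
    docker run -d --name "$name" "$name:$tag" || return 1
    # The old image's layers stay in docker/overlay2 on the host until the
    # image itself is removed, so a host-level scan keeps flagging them.
    if [ -n "$old_id" ]; then docker rmi "$old_id"; fi
}

# Only act when called with all four arguments.
if [ "$#" -eq 4 ]; then main "$@"; fi
```

Run it from the directory containing the Dockerfile; if the old image is still referenced by another container or tag, `docker rmi` refuses and reports which one.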