• ntn888@lemmy.mlOP
    link
    fedilink
    English
    arrow-up
    0
    arrow-down
    2
    ·
    2 months ago

    yeah, but any update failure of a container is less fatal. and only affects the isolated service… it’s way easy to manage this situation than an unbootable server.

    • oshu@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 months ago

      How so? if I compromise a containerized app I get all the data that app has access to.

      From a security standpoint, each and every container running actually increases the potential attack surface.