LXC/docker.io & kernel updates

Linux Containers use the Kernel of their host system. How do I make sure that the containers are OK after a major upgrade of the kernel of the host system?

Solution

A paranoid solution would be to:

copy the containers to a test host running the new kernel,
start the containers in isolation (e.g. routing disabled, or iptables rule to block outgoing traffic),
check that everything is OK,
if it works, roll out the kernel upgrade on the production hosts.

This is quite easy with Docker, since you can docker push your containers from the production setup and docker pull them from the test setup.

But generally speaking, as long as you're upgrading, you should be fine. If you downgrade to an older kernel version (e.g. 3.8+ to <3.8) you might see some issues, but it's not related to the downgrade operation; it's just that pre-3.8 kernels have issues with namespaces (except when relevant patches have been backported).

Which method for finding the reason for latency peaks on embedded Linux?
How can I convert virtual address from user space to physical address?(in linux device driver)
How to enable Asus WMI LED manually in terminal by ID found in asus-wmi.h
Which C version is used in the Linux kernel?
How to avoid transparent_hugepage/defrag warning from mongodb?
is tcpdump affected by iptables filtering?
My Linux kernel module to control fan speeds and rgb keyboard of Acer Nitro 16 causes kernel panic
How to build a Linux kernel module so that it is compatible with all kernel releases?
Linking Linux kernel's object file built with `-mcmodel=kernel` into userspace application: what to do with GS segment used instead of FS?
What does the 'sched_feat' macro in scheduler mean?
Access to the sys_call_table in kernel 2.6+
How can I load Linux kernel modules from C code?
Twice number of page faults for access to zero-initialized memory
What is SRCREV_machine and SRCREV_meta in yocto kernel recipes
What do boot option `noapic` and `noacpi` actually do?
How the function do_raw_spin_lock is implemented in linux
What does the Linux 0.11 kernel do while the disk prepares data after hd_out?
what is the use of SPL (secondary program loader)
How to address ".text+XXX: 'naked' return found in RETHUNK build" in assembly part of a Linux driver?
insmod: ERROR: could not insert module HelloWorld.ko: Operation not permitted
Linux Kernel generate compile-commands.json for module
Trying to run EINJ but not able to find <debugfs mount point>/apei/einj
Determine USB device file Path
Linux find out Hyper-threaded core id
Is it possible to run programs without any non-executable segment protection in modern Linux Kernels?
How to get WSL2 kernel headers?
c undefined reference to function - Compiling android/linux kernel
Does mutex and semaphores "Busy wait" in a LINUX systems?
Cannot make sys_call_table read-write in Oracle 8 ARM64
Where does Android store shutdown logs?