Short version:

  • LXC and Docker containers share the host’s kernel.

  • They don’t have their own separate kernel inside the container.

  • So: if the host’s kernel changes (upgrade, patch, bug, security fix), it immediately affects all containers running on that host.

Example:

  • Host runs Linux kernel 5.10.

  • All LXC and Docker containers are using 5.10 too (even if inside the container it looks like some different distro like Ubuntu or Alpine).

  • You update the host to Linux kernel 6.1.

  • Instantly, all containers are now working on top of kernel 6.1.

Important consequence:

  • Containers are very lightweight because they don’t need to boot their own kernels.

  • But containers are also dependent on the host’s kernel behavior and features.

  • If the host’s kernel has a bug → all containers can be affected.

VMs (like EC2, Xen, KVM) are different:

  • Every VM has its own kernel inside.

  • You can have a Linux 5.10 VM running on a Xen hypervisor with Linux 6.1 underneath — totally independent.

Every time you update or change the host kernel, you risk breaking something inside all containers, because the containers assume certain kernel behaviors. If the new kernel changes those behaviors (even slightly), boom, weird problems.

Typical issues you might see after a kernel change:

  • Apps inside containers start crashing.

  • Certain syscalls no longer behave the way the container expects.

  • Networking inside containers acts weird.

  • File systems behave differently (e.g., overlayfs bugs).

  • Security settings (like seccomp filters or AppArmor profiles) suddenly don’t match.
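The last bullet is the one you can actually audit ahead of a host change. The script below is an added example, not code from the original post or from Docker: it loads a Docker/runc-style seccomp profile (a default-deny allowlist with optional `includes.minKernel` rules) and reports which syscalls a container’s libc might issue that would fall through to the default action on a given host kernel. The profile and the syscall list are constructed for illustration, not Docker’s real default profile.

```python
import json

# Constructed, deliberately minimal Docker-style seccomp profile (NOT Docker's
# real default.json): a default-deny allowlist written before some syscalls existed.
OLD_PROFILE = json.dumps({
    "defaultAction": "SCMP_ACT_ERRNO",
    "defaultErrnoRet": 1,  # EPERM for anything not named below
    "syscalls": [
        {"names": ["read", "write", "openat", "close", "mmap", "clone",
                   "faccessat", "exit_group"], "action": "SCMP_ACT_ALLOW"},
        # Rule only active when the *host* kernel is at least 4.8.
        {"names": ["ptrace"], "action": "SCMP_ACT_ALLOW",
         "includes": {"minKernel": "4.8"}},
    ],
})

# Constructed list: syscalls a newer libc inside an unchanged image might use.
# A profile written for an older kernel may simply not name the newer ones.
LIBC_SYSCALLS = ["openat", "clone", "clone3", "faccessat2", "ptrace", "exit_group"]


def kernel_tuple(version):
    """'6.1.0-21-amd64' -> (6, 1, 0); stops at the first non-numeric piece."""
    parts = []
    for piece in version.split("-")[0].split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def active_actions(profile_text, host_kernel):
    """Map syscall name -> action for rules that apply on this host kernel."""
    profile = json.loads(profile_text)
    actions = {}
    for rule in profile.get("syscalls", []):
        min_kernel = rule.get("includes", {}).get("minKernel")
        if min_kernel and kernel_tuple(host_kernel) < kernel_tuple(min_kernel):
            continue  # rule is skipped on older hosts, so the syscall is denied
        for name in rule["names"]:
            actions[name] = rule["action"]
    return profile.get("defaultAction"), actions


def audit(profile_text, wanted, host_kernel):
    """Return the syscalls in `wanted` that hit the default (deny) action."""
    default, actions = active_actions(profile_text, host_kernel)
    return {"defaultAction": default,
            "fall_through": [s for s in wanted if s not in actions]}


if __name__ == "__main__":
    for host in ("4.4.0-generic", "6.1.0-21-amd64"):
        print(host, audit(OLD_PROFILE, LIBC_SYSCALLS, host))
```

Run it against the profile your runtime actually applies and the syscalls your images’ libc uses, before and after the host upgrade; any name in `fall_through` is a call that will start failing in every container even though no image changed.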

That’s why:

  • Big companies usually test containers carefully before upgrading the host kernel.

  • Some even pin their hosts to older kernels just to avoid surprises.

  • Kernel updates are treated very seriously in production environments with containers.

If you’re running Docker on Linux, the reality is:

  • Linux kernels are insanely stable for container use.

  • If you stick to LTS (Long-Term Support) kernels (like 5.10, 5.15, 6.1…), you usually don’t hit surprises.

  • And yeah, maybe once a year you update — maybe for security patches, hardware support, or new features.

  • Otherwise?
    If it ain’t broke, don’t fix it. 🛠️🍻

Pro move:
Some teams even delay kernel upgrades a few months after release → so others find the bugs first. 😂