OS explicitly designed to only run containers, with all other services and functionality disabled, and with read-only file systems and other hardening practices employed. When using a container-specific OS, the attack surface is typically much smaller than it would be with a general-purpose OS, so there are fewer opportunities to attack and compromise the host. Accordingly, whenever possible, organizations should use container-specific OSes to reduce their risk. However, a container-specific OS still ships a kernel, a container runtime and a handful of system services, and these will still have vulnerabilities over time that require remediation; a minimal OS shrinks the patching surface, it does not remove the need for a patching process.
Lean OS. Minimal size, minimal boot time
• Linux 4.9 kernel
• Allows you to run any container runtime
• Batteries included, but each one can be replaced
• All system services are containers
• Smaller attack surface
• Immutable infrastructure
• Sandboxed system services
• Specialized patches and configurations
• You have full control over the build
• The configuration is all YAML
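The two passages above describe the same design from two angles: the NIST guidance asks for a host that runs nothing but containers on a read-only, hardened file system, and the slide lists a lean OS whose system services are themselves containers and whose whole definition is YAML. The following image definition is an added example, not taken from the page or from any project's own repository. It assumes the LinuxKit-style YAML schema (the slide does not name the tool, so the format is an assumption); the `TAG` image tags and the `example/app` service are placeholders, and the capability list for that service is illustrative rather than derived from a real daemon.

```yaml
# Added example of a container-only host definition in LinuxKit-style YAML
# (assumed format). Image tags ("TAG") are placeholders; example/app is a
# hypothetical application service.
#
# Only the kernel and the init components run outside a container.
kernel:
  image: linuxkit/kernel:4.9.x        # placeholder tag for a 4.9 kernel
  cmdline: "console=ttyS0"
init:
  - linuxkit/init:TAG                 # PID 1, starts containerd
  - linuxkit/runc:TAG
  - linuxkit/containerd:TAG
  - linuxkit/ca-certificates:TAG

# One-shot containers: run in order at boot, then exit.
onboot:
  - name: sysctl
    image: linuxkit/sysctl:TAG        # applies kernel hardening sysctls
  - name: dhcpcd
    image: linuxkit/dhcpcd:TAG
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]

# Long-running system services: each is a sandboxed container.
# Packaged images carry their own default sandbox settings; the keys
# below override them for the hypothetical application service.
services:
  - name: rngd
    image: linuxkit/rngd:TAG          # feeds the kernel entropy pool
  - name: app
    image: example/app:TAG            # hypothetical application container
    readonly: true                    # immutable root for this service
    capabilities:
      - CAP_NET_BIND_SERVICE          # illustrative: bind a port below 1024
    uid: 1000                         # do not run the daemon as root
    gid: 1000

  # Weak form, shown only for contrast; do not ship:
  #  - name: app
  #    image: example/app:TAG
  #    capabilities: [all]            # full capability set
  #    net: host                      # shares the host network namespace
  #    pid: host                      # shares the host PID namespace
  # A service configured like this is no longer sandboxed; it is a host
  # daemon that happens to be packaged as an image.

# Files baked into the immutable image at build time; anything not listed
# here (or written to a mounted volume) does not exist at runtime.
files:
  - path: etc/app/config.toml
    contents: |
      listen = "0.0.0.0:443"
    mode: "0444"
```

With the LinuxKit toolchain (assumed here) the image is produced with `linuxkit build` from this file and booted as-is; there is no package manager or shell on the resulting host to drift from the definition, which is what "immutable infrastructure" means in practice. The checks a practitioner wants before shipping such a file are mechanical: every service has an explicit `capabilities` list (an absent list means none, `all` means everything), `net: host` and `pid: host` appear only where a service genuinely needs host namespaces, and `readonly: true` is set wherever the service does not write to its own root.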