In case anyone finds this useful, here is how I patched the last
remaining unpatched container in eduid. This particular container didn't
want to play along nicely when I tried to patch it during the week, but
yesterday I finally found out why and had it running in our
staging-environment. Today when I wanted to tag it as stable and release
it - it turned out that docker.sunet.se was unavailable for perhaps
upgrades to the new version?
However, I didn't want to wait any longer with patching, so I did it
locally on the machines running the vulnerable container as follows:
1. Make a backup in case something goes wrong:
docker tag docker.sunet.se/eduid/eduid-signup:stable docker.sunet.se/eduid/eduid-signup:stable-backup-2016-02-20
2. Enter the container:
root@signup-tug-3:~# docker exec -it eduid-signup /bin/bash
3. Run apt-get update and apt-get upgrade inside the container
4. Exit the container and get the container ID:
root@signup-tug-3:~# docker ps -q --filter=name=eduid-signup
fbffa2f6e0de
5. Create a new image from the running container:
docker commit -m="Upgraded glibc" -a="john at nordu.net" fbffa2f6e0de docker.sunet.se/eduid/eduid-signup:stable
6. service docker-eduid-signup restart
7. Verify that the new image contains the patched version:
docker exec -it eduid-signup sh -c "dpkg -l libc-bin|tail -1"
//John
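
Added example, not part of the original message: one way to turn the check in step 7 into a pass/fail result instead of reading the dpkg line by eye. The function names, the sample dpkg output and its version strings are constructed for illustration; the fixed version to compare against is an assumption you supply from your distribution's security advisory, since the message does not state it.

```sh
#!/bin/sh
# Constructed sample of `dpkg -l libc-bin` output (version strings are made up).
SAMPLE='Desired=Unknown/Install/Remove/Purge/Hold
||/ Name           Version        Architecture Description
+++-==============-==============-============-=======================
ii  libc-bin       1.2-3+fix2     amd64        GNU C Library: Binaries'

# Print the installed version of package $1 from `dpkg -l` output on stdin.
# Only "ii" (installed) rows count; a ":arch" suffix on the name is ignored.
pkg_version() {
    awk -v pkg="$1" '
        $1 == "ii" { n = $2; sub(/:.*/, "", n)
                     if (n == pkg) { print $3; found = 1; exit } }
        END { exit !found }'
}

# Succeed when version $1 >= version $2. dpkg's own comparison is
# authoritative; sort -V is a fallback that ignores epochs and "~".
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# check_patched PACKAGE FIXED_VERSION < dpkg-l-output
# Returns 0 (patched), 1 (older than the fix), 2 (package not installed).
check_patched() {
    installed=$(pkg_version "$1") || { echo "$1: not installed"; return 2; }
    if version_ge "$installed" "$2"; then
        echo "$1 $installed: patched"
    else
        echo "$1 $installed: older than $2"
        return 1
    fi
}

# Against the running container (no -t, because the output is piped):
#   docker exec eduid-signup dpkg -l libc-bin | check_patched libc-bin "$FIXED"
# Here, against the constructed sample:
printf '%s\n' "$SAMPLE" | check_patched libc-bin 1.2-3+fix2
```

Running the same check against the :stable-backup-2016-02-20 image from step 1 should report the older version, which confirms the check itself can fail.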