I'm trying to create a specialized (minified) Linux kernel based on my Dockerfile. Is there a solution that can automatically create a kernel image containing only the absolutely necessary functionality, specific to my Docker configuration? The default kernel shipped with a distro seems to contain a lot of unnecessary functionality, and poses high security risks.
My understanding (perhaps wrong) is that the Linux _kernel_ is in the host machine that is running the Docker containers, and is not contained in the container image you define in the Dockerfile & build into an image with Docker.

So if you don't like how the kernel is configured, that'd require you to reconfigure the kernel on each host that will run your containers, independently of what is inside the container. But perhaps your question is about what is in the container, and not really about the kernel?

Maybe to make your question clearer: what are explicit examples of things that you don't like about the current configuration that you are trying to change or disable?

In terms of removing unnecessary stuff from a container image, the easiest/simplest way to do this probably depends on what application you're packaging into a container & how it is implemented.

For example, it is possible to build a container image for a Go application that starts with an empty "scratch" container base image (i.e. there's no layer of a distro such as Debian, debian-slim or Alpine Linux).

Not sure if this is a great guide but it has an example: https://medium.com/@chemidy/create-the-smallest-and-secured-golang-docker-image-based-on-scratch-4752223b7324

The same approach of starting without a distro as the base layer of the Docker container image won't be as easy for deploying a different application that does not contain its own dependencies and assumes it can load a bunch of shared libraries that the distribution provides & read files the distribution has prepared for it.
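The scratch-based build this reply describes, as an added example (not code from the reply or from the linked guide): a shell script that writes a two-stage Dockerfile compiling a Go program into a statically linked binary and copying only that binary and a CA bundle into `FROM scratch`, plus a helper to confirm a binary has no shared-library dependencies before it goes into an image with no libc. The `golang:1.22` tag, the `./cmd/app` package path, the `/app` binary name and the numeric UID 65532 are assumptions for the example.

```shell
#!/bin/sh
# Added example, not from the original reply: emit a Dockerfile that builds a
# static Go binary and ships it in an empty (scratch) base image. Image tag,
# package path, binary name and UID below are constructed placeholders.
set -eu

# write_scratch_dockerfile DIR: write the two-stage Dockerfile into DIR.
write_scratch_dockerfile() {
    dir="$1"
    cat > "$dir/Dockerfile" <<'EOF'
# Stage 1: compile with the full Go toolchain (discarded after the build).
FROM golang:1.22 AS build
WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download
COPY . .
# CGO_ENABLED=0 yields a static binary with no libc dependency, which is what
# lets it run on scratch; -trimpath and -ldflags='-s -w' drop build paths and
# debug symbols from the shipped binary.
RUN CGO_ENABLED=0 GOOS=linux go build -trimpath -ldflags='-s -w' -o /out/app ./cmd/app

# Stage 2: no distro layer at all. Only the binary and a CA bundle (needed
# for outbound TLS) exist in the final image; there is no shell to exec into.
FROM scratch
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /out/app /app
# scratch has no /etc/passwd, so drop privileges with a numeric UID:GID.
USER 65532:65532
ENTRYPOINT ["/app"]
EOF
}

# is_static_binary FILE: return 0 if FILE has no dynamic loader (safe for
# scratch), 1 if it links shared libraries, 2 if ldd is unavailable.
# Assumes glibc's ldd, which exits non-zero ("not a dynamic executable")
# for static binaries.
is_static_binary() {
    command -v ldd >/dev/null 2>&1 || return 2
    if ldd "$1" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}
```

Usage: `write_scratch_dockerfile .` in the module directory, then `docker build -t app .`; before trusting the result, `is_static_binary ./app` on a locally built copy catches the common failure where a cgo dependency silently re-enables dynamic linking and the container dies at start with "no such file or directory" (the missing interpreter, not the binary).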
Download the kernel source; once unpacked, you can configure it to build only the modules you currently have loaded via "make localmodconfig".

Of course if you've never built a kernel before you'll need to read the documentation, and you'll probably want to look at the Ubuntu documentation too, since you'll want to build a .deb package rather than a raw kernel. You'll want to search for "ubuntu make-kpkg".

But really you're not going to gain much, except learning. Sure a kernel with less stuff available might save disk space, but there are easier ways to save disk space on Ubuntu systems.
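One practical caveat with the `make localmodconfig` approach in this reply: it keeps only the modules loaded at the moment it runs, so a driver for hardware that was unplugged, or a filesystem module not yet mounted, is simply left out of the trimmed kernel. The kernel tree's `localmodconfig` target accepts `LSMOD=<file>` pointing at saved `lsmod` output instead of running `lsmod` itself, so the usual remedy is to collect `lsmod` snapshots over several sessions and feed it the union. The script below, an added example and not the reply's own code, merges such snapshots into one file in the layout `localmodconfig` reads (module name in the first column, header skipped); the sample snapshot contents are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original reply: build a merged lsmod file for
# `make LSMOD=<file> localmodconfig` so modules seen in any snapshot survive.
set -eu

# merge_lsmod_snapshots OUT FILE...
# Each FILE is saved `lsmod` output: a header line "Module Size Used by" and
# one module per line. The union of first-column module names is written to
# OUT in lsmod layout. Size and refcount are filled with 0 because
# localmodconfig only looks at the first column.
merge_lsmod_snapshots() {
    out="$1"; shift
    {
        printf 'Module                  Size  Used by\n'
        awk 'FNR > 1 && NF > 0 { print $1 }' "$@" | sort -u |
            awk '{ printf "%-24s %5d  %d\n", $1, 0, 0 }'
    } > "$out"
}

# count_modules FILE: number of module entries (header excluded).
count_modules() {
    awk 'FNR > 1 && NF > 0' "$1" | wc -l | tr -d ' '
}

# make_sample_snapshots DIR: write two constructed lsmod snapshots into DIR,
# as if taken on different days (ext4 appears in both; the others differ).
make_sample_snapshots() {
    dir="$1"
    printf 'Module                  Size  Used by\n' > "$dir/day1.txt"
    printf 'ext4                  737280  1\n'        >> "$dir/day1.txt"
    printf 'mbcache                16384  1 ext4\n'   >> "$dir/day1.txt"
    printf 'jbd2                  131072  1 ext4\n'   >> "$dir/day1.txt"
    printf 'Module                  Size  Used by\n' > "$dir/day2.txt"
    printf 'ext4                  737280  2\n'        >> "$dir/day2.txt"
    printf 'overlay               139264  1\n'        >> "$dir/day2.txt"
    printf 'br_netfilter           28672  0\n'        >> "$dir/day2.txt"
    printf 'veth                   28672  0\n'        >> "$dir/day2.txt"
}

# Typical use in an unpacked kernel source tree on the target host:
#   lsmod > /root/lsmod-$(date +%F).txt          # repeat across sessions
#   merge_lsmod_snapshots /root/lsmod-all.txt /root/lsmod-*.txt
#   make LSMOD=/root/lsmod-all.txt localmodconfig
#   make -j"$(nproc)" bindeb-pkg                 # .deb packages land in ..
# (The reply mentions make-kpkg; bindeb-pkg is the in-tree packaging target
#  in current kernel trees and needs no extra tooling.)
```

On the constructed snapshots above the merged file lists six modules (ext4 once, plus mbcache, jbd2, overlay, br_netfilter and veth). The Docker-relevant ones, overlay for the storage driver and br_netfilter/veth for container networking, are exactly the kind that are loaded lazily by the daemon and would be dropped if `localmodconfig` ran before Docker had started.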