ContextQMD
Back to Lima

Security

website/content/en/docs/security/_index.md

2.1.21.3 KB
Original Source

Base Image Updates & Supply Chain Security

Upstream image links for templates are updated periodically. These images might not include the very latest security patches right away. If you need updates sooner, apply updates by yourself, e.g.,

{{< tabpane text=true >}} {{% tab header="Ubuntu" %}}

bash
sudo apt-get update
sudo apt-get dist-upgrade

{{% /tab %}} {{% tab header="macOS" %}}

bash
sudo softwareupdate --install --all

# For a specific update
softwareupdate --list
sudo softwareupdate --install "Name of the Update"

{{% /tab %}} {{< /tabpane >}}

Alternatively , you can set the upgradePackages in your template to true for most Linux distributions (except alpine-iso, for example).

⚠️ Rapidly updating can reduce exposure to known CVEs, but it can also increase exposure to upstream supply chain compromises (for example, the XZ backdoor).

Security model

See https://github.com/cncf/tag-security/blob/main/community/assessments/projects/lima/self-assessment.md.

Reporting vulnerabilities

See https://github.com/lima-vm/.github/blob/main/SECURITY.md.

Past vulnerabilities

See https://github.com/lima-vm/lima/security.