How Immutable Rootfs and Remove Shell Reinvent Container Node Security
When Kubernetes becomes the backbone of enterprise applications and AI workloads, securing the container node OS is critical; ContainerOS tackles this by introducing an immutable root filesystem and eliminating the shell, thereby creating a read‑only, attack‑surface‑free environment that simplifies operations, guarantees integrity, and reduces costs.
Kubernetes has become the core infrastructure for enterprise applications and AI workloads, which pushes the responsibility of container node operating systems to a new level. Threats such as malicious code persistence, lateral movement after container escape, and script injection make OS‑level security a non‑negotiable part of the cloud‑native security stack.
Core Feature 1: Immutable Rootfs – an Unchangeable System Foundation
Traditional general‑purpose OSes expose a writable root filesystem; once an attacker escapes the container, they can plant backdoors or tamper with system files to achieve persistence. Immutable Rootfs addresses this by adhering to the "immutable infrastructure" principle: the entire root filesystem is mounted read‑only and can only be replaced at the image level. Even if an attacker gains host access, the system remains read‑only, cutting the attack chain at the point of persistence.
Architecturally, ContainerOS separates the system disk (5 GB) from the data disk. The system disk holds the rootfs partition, which is fully read‑only; the data disk stores container images and user data, achieving physical isolation of system components and business data. The critical configuration directory /etc is mounted with noexec, preventing execution of malicious binaries from that path.
Defends against persistence attacks – read‑only FS blocks backdoor implantation and system file tampering.
Ensures system integrity – runtime state always matches the factory image, enabling built‑in integrity checks.
Simplifies security operations – whole‑disk replacement eliminates patch‑stack drift.
Lightweight deployment – a 5 GB system disk dramatically reduces storage cost.
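A practitioner verifying the two mount properties described above (a read-only rootfs and a noexec /etc) would read the node's mount table and check the option fields. The following is an added example, not ContainerOS or Alibaba Cloud code: a POSIX sh function that audits a mounts(5)-format table, run here against two constructed sample tables. The path /proc/1/mounts mentioned in the trailing comment is an assumption about a maintenance container that shares the host PID namespace, not something the article states.

```shell
#!/bin/sh
# Added example (not part of ContainerOS): audit a /proc/<pid>/mounts-style
# table for a read-only root filesystem and a noexec /etc.
# Input is the standard mounts(5) layout: device mountpoint fstype options dump pass

# check_mounts TABLE -> prints one line per check; returns 0 only if both pass
check_mounts() {
  table="$1"
  status=0
  # Field 2 is the mount point, field 4 the comma-separated option list.
  # tail -n 1 keeps the most recent mount if a path was mounted over.
  root_opts=$(printf '%s\n' "$table" | awk '$2 == "/" { print $4 }' | tail -n 1)
  etc_opts=$(printf '%s\n' "$table" | awk '$2 == "/etc" { print $4 }' | tail -n 1)

  case ",$root_opts," in
    *,ro,*) echo "OK   rootfs is mounted read-only ($root_opts)" ;;
    *)      echo "FAIL rootfs is writable or absent (${root_opts:-no entry}) "; status=1 ;;
  esac
  case ",$etc_opts," in
    *,noexec,*) echo "OK   /etc carries noexec ($etc_opts)" ;;
    *)          echo "FAIL /etc allows execution (${etc_opts:-no entry})"; status=1 ;;
  esac
  return $status
}

# Constructed sample: a node laid out the way the article describes
# (read-only system disk, noexec /etc, writable data disk for images).
HARDENED='/dev/vda2 / ext4 ro,relatime 0 0
/dev/vda2 /etc ext4 ro,noexec,relatime 0 0
/dev/vdb1 /var/lib/containerd ext4 rw,relatime 0 0'

# Constructed sample: a conventional node with a writable root and no /etc entry.
CONVENTIONAL='/dev/vda1 / ext4 rw,relatime 0 0
/dev/vdb1 /var/lib/containerd ext4 rw,relatime 0 0'

# Assumption: from a maintenance container sharing the host PID namespace,
# the host's own table is readable as /proc/1/mounts:
#   check_mounts "$(cat /proc/1/mounts)"
```

Running `check_mounts "$HARDENED"` reports both checks as OK and returns 0; `check_mounts "$CONVENTIONAL"` reports two failures and returns 1, which makes the function usable as a node-admission or drift-detection probe.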
Core Feature 2: Remove Shell – Eliminating the Attack Surface at Its Source
Script interpreters (bash, Python, Perl, etc.) are the most frequently abused OS components. ContainerOS deliberately omits package managers and any script interpreters from the base image. The latest release goes further by removing /usr/bin/bash and /usr/bin/sh, leaving the host without any command‑line execution capability. Consequently, the classic escape → obtain shell → malicious operation chain is broken at the source.
To retain operability, ContainerOS introduces a "maintenance container" model. This privileged container shares the host’s PID and network namespaces and bundles a full toolchain for logs, process monitoring, network debugging, and performance diagnostics. Operators access the maintenance container via ECS Workbench without passwords, preserving full operational capability while keeping the host’s attack surface minimal.
Completely removes the script execution surface – blocks RCE and privilege‑escalation techniques that depend on a shell or interpreter being present on the host.
Maintains operational experience – the maintenance container provides comprehensive debugging tools, achieving security without sacrificing manageability.
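To confirm that a node really carries none of the interpreters and package managers the article says are omitted, an operator can walk a fixed list of expected-absent paths under the host's root tree. The following is an added example, not ContainerOS or Alibaba Cloud code; the interpreter list and the suggestion that the host root is visible as /proc/1/root from a maintenance container sharing the host PID namespace are assumptions, and the two sample trees are constructed in temporary directories.

```shell
#!/bin/sh
# Added example (not part of ContainerOS): report any shell, script
# interpreter or package manager present under a host root tree.

# Assumed list of binaries that should be absent on a shell-less node.
INTERPRETERS="usr/bin/bash usr/bin/sh bin/bash bin/sh usr/bin/python3 usr/bin/perl usr/bin/apt usr/bin/rpm usr/bin/yum"

# interpreters_present ROOT -> prints FOUND lines; returns 0 only when none exist
interpreters_present() {
  root="$1"
  found=0
  for rel in $INTERPRETERS; do
    # -L catches dangling symlinks that -e would miss
    if [ -e "$root/$rel" ] || [ -L "$root/$rel" ]; then
      echo "FOUND $root/$rel"
      found=$((found + 1))
    fi
  done
  [ "$found" -eq 0 ]
}

# make_sample_root REL_PATH... -> builds a throwaway tree with empty files
make_sample_root() {
  dir=$(mktemp -d)
  for rel in "$@"; do
    mkdir -p "$dir/$(dirname "$rel")"
    : > "$dir/$rel"
  done
  printf '%s\n' "$dir"
}

# Constructed sample: a hardened node with only runtime components.
HARDENED_ROOT=$(make_sample_root usr/bin/containerd usr/bin/kubelet)
# Constructed sample: a conventional node that still ships shells and Python.
CONVENTIONAL_ROOT=$(make_sample_root usr/bin/containerd usr/bin/kubelet usr/bin/bash usr/bin/sh usr/bin/python3)

# Assumption: from a privileged maintenance container in the host PID
# namespace, the host filesystem is reachable as /proc/1/root:
#   interpreters_present /proc/1/root
```

`interpreters_present "$HARDENED_ROOT"` prints nothing and returns 0; `interpreters_present "$CONVENTIONAL_ROOT"` prints three FOUND lines and returns 1.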
Deep Integration with ACK Auto Mode
ContainerOS is the default OS for Alibaba Cloud Container Service (ACK) Auto Mode managed node pools. Its immutable security architecture synergizes with ACK Auto Mode’s fully managed lifecycle, so users do not need to handle node creation, scaling, upgrades, or security patches. Every automatically provisioned node inherits the high‑grade security guarantees out‑of‑the‑box. The lightweight design also speeds up node boot time, offering a solid foundation for rapid, elastic scaling of AI workloads.
Conclusion
The security upgrade of ContainerOS exemplifies Alibaba Cloud’s practice of redefining container node security from the OS layer upward. By moving away from patch‑based fixes to architectural redesign—Immutable Rootfs and Remove Shell—the platform eliminates attack surfaces rather than merely covering them. Future work will continue to deepen security compliance, startup performance, and AI scenario adaptation, further strengthening the cloud‑native security ecosystem.