Yeah, now instead of updating one (host) OS I have to update X container OS/user spaces plus the host user space plus the shared kernel. I think I will pass on this scenario for long-term support.
You don't manually update the container images; you ideally pull them from the vendor, who knows best what is needed to get it working. It's also less hassle even if you build the images, because the image only contains the components that are needed to run that application; it doesn't contain things that are needed for your other applications.
If you are able to run multiple applications on one host, you are likely doing the things that containers do for you.