Hi Bernd,

Docker containers do provide a level of isolation, much more than chroot will do (see e.g. https://docs.docker.com/engine/security/security/). But as in effect the processes within are still running natively on the host machine, live migration is not available AFAICT.

Depending on your scenario, running these applications on old base software can inflict a severe security problem. Isolating the applications may not be sufficient at all, but it's something you'll have to decide, as only you know the environment in which these applications are used, what security policies are to apply and what potential damage can result from exploiting loopholes in e.g. PHP, MySQL and/or the software packages.

Using Docker can be quite different from running your application in a VM, especially since typically, each service is isolated in a separate container. So usually there's no bundling httpd and MySQL in a common container.

If you come from a VM world and will finally run everything inside VMs, I'd recommend skipping Docker for the time being. OTOH, getting to know containers will definitely lead to a valuable expansion of your production toolset.

Regards,
J
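
The one-service-per-container layout described in the message, sketched as a Compose file. This is an added example, not part of the original message: the image names are placeholders, and the capability list assumes an Apache httpd that starts as root, binds port 80 and then switches to an unprivileged user.

```yaml
# docker-compose.yml (constructed example; image names are placeholders)
services:
  web:
    image: legacy-php-app:placeholder    # httpd + old PHP runtime, nothing else
    ports:
      - "8080:80"                        # the only port published on the host
    networks:
      - frontend
      - backend
    security_opt:
      - no-new-privileges:true           # setuid binaries cannot raise privileges
    cap_drop:
      - ALL
    cap_add:                             # assumption: what a root-started httpd needs
      - NET_BIND_SERVICE
      - SETUID
      - SETGID
    depends_on:
      - db

  db:
    image: legacy-mysql:placeholder      # old MySQL server in its own container
    networks:
      - backend                          # no "ports:" entry, so not reachable from the host
    security_opt:
      - no-new-privileges:true
    volumes:
      - dbdata:/var/lib/mysql            # data outlives the container
    # credentials and server configuration omitted; supply them as the image requires

networks:
  frontend: {}
  backend:
    internal: true                       # no route out of this network

volumes:
  dbdata: {}
```

Both services still run as native processes on the host kernel, so this narrows what a compromised PHP or MySQL process can reach but does not replace patching the old base software.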