What is the preferred method to update containers? If I have an application running on CentOS 6.x and a patch is released (ie shellshock), can I stop the container and update that package and rerun it preserving its state?
The preferred method would be to use volumes for persistent data:
So if you want to update the containers base, just pull the latest image and start a new one.
But there are other options…