On 3/1/2010 19:14, Mike McGrath wrote:
> How does Amazon keep their images up to date? On a 0 day kernel exploit,
> the first place I'd turn is the Amazon IP space.

EC2 doesn't lend itself well to kernel updates. EBS-backed instances
aren't really problematic because one only needs to update kernel
packages, stop the instances, change kernels+initramfs images to newer
ones that Fedora has presumably already made available, and then restart
them.

Instances that don't have EBS-backed root filesystems can't be stopped,
and termination destroys them utterly. So one has to either rebundle
Fedora's image as one backed by EBS or start up a new instance with the
new kernel+initramfs, move everything over, then terminate the old one.
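
The two cases described in this message can be turned into a per-instance remediation plan. The following is an added example, not part of the original email: it assumes paravirtual instances that carry a kernel ID and ramdisk ID, the AWS CLI as the tool, and a constructed inventory with placeholder IDs (`i-0aaa`, `aki-new`, `ari-new` and so on are made up).

```python
import json

# Constructed inventory in the shape of `aws ec2 describe-instances` output.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa", "RootDeviceType": "ebs", "State": {"Name": "running"},
   "KernelId": "aki-old", "RamdiskId": "ari-old"},
  {"InstanceId": "i-0bbb", "RootDeviceType": "instance-store", "State": {"Name": "running"},
   "KernelId": "aki-old", "RamdiskId": "ari-old"},
  {"InstanceId": "i-0ccc", "RootDeviceType": "ebs", "State": {"Name": "stopped"},
   "KernelId": "aki-new", "RamdiskId": "ari-new"}
]}]}
""")


def plan_kernel_update(inventory, new_kernel, new_ramdisk):
    """Map each live instance ID to the ordered steps needed to reach the new kernel."""
    plans = {}
    for reservation in inventory["Reservations"]:
        for inst in reservation["Instances"]:
            iid, state = inst["InstanceId"], inst["State"]["Name"]
            if state in ("terminated", "shutting-down"):
                continue
            if (inst.get("KernelId"), inst.get("RamdiskId")) == (new_kernel, new_ramdisk):
                plans[iid] = []  # already on the fixed kernel+initramfs
            elif inst.get("RootDeviceType") == "ebs":
                # EBS root survives a stop, so kernel/ramdisk can be swapped in place.
                steps = [] if state == "stopped" else [
                    f"aws ec2 stop-instances --instance-ids {iid}",
                    f"aws ec2 wait instance-stopped --instance-ids {iid}"]
                steps += [
                    f"aws ec2 modify-instance-attribute --instance-id {iid} --kernel Value={new_kernel}",
                    f"aws ec2 modify-instance-attribute --instance-id {iid} --ramdisk Value={new_ramdisk}",
                    f"aws ec2 start-instances --instance-ids {iid}"]
                plans[iid] = steps
            else:
                # Instance-store root cannot be stopped; termination destroys it.
                plans[iid] = [
                    f"REPLACE: launch a new instance with {new_kernel} + {new_ramdisk}",
                    f"REPLACE: move data and services off {iid}",
                    f"aws ec2 terminate-instances --instance-ids {iid}"]
    return plans


if __name__ == "__main__":
    for iid, steps in plan_kernel_update(SAMPLE, "aki-new", "ari-new").items():
        print(iid, "->", steps or "up to date")
```

Instances with an empty plan are already on the fixed kernel; the `REPLACE:` lines are manual steps rather than commands.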