On Mon, 1 Mar 2010, Jeremy Katz wrote:

> On Mon, Mar 1, 2010 at 12:29 PM, Ewan Mac Mahon <ewan at macmahon.me.uk> wrote:
> > On Mon, Mar 01, 2010 at 10:38:25AM -0500, David Huff wrote:
> >> I never said mine was perfect, however a good starting point for this
> >> type of discussion, which I have been wanting to have for a long time.
> >>
> >> When we started the AOS (like 2 years ago) the base requirements were
> >> basically: DHCP, sshd, yum, and selinux (which was disabled in EC2 due
> >> to issues w/ their infrastructure).
> >>
> > Do we know what these issues were, and whether they still exist? Do the
> > F12 updates kernels currently being tested allow a guest to run on EC2
> > with selinux enabled?
>
> The Amazon provided kernels have SELinux disabled. When we're running
> newer kernels, it shouldn't be an issue/concern
>

How does Amazon keep their images up to date? On a 0 day kernel exploit, the first place I'd turn is the amazon ip space.

-Mike