On 3/1/2010 19:14, Mike McGrath wrote: > How does Amazon keep their images up to date? On a 0 day kernel exploit, > the first place I'd turn is the amazon ip space. EC2 doesn't lend itself well to kernel updates. EBS-backed instances aren't really problematic because one only needs to update kernel packages, stop the instances, change kernels+initramfs images to newer ones that Fedora has presumably already made available, and then restart them. Instances that don't have EBS-backed root filesystems can't be stopped, and termination destroys them utterly. So one has to either rebundle Fedora's image as one backed by EBS or start up a new instance with the new kernel+initramfs, move everything over, then terminate the old one.
