amazonlinux / amazon-linux-2023

Amazon Linux 2023
https://aws.amazon.com/linux/amazon-linux-2023/

[Bug] - Kernel live patching #293

Closed herrsergio closed 1 year ago

herrsergio commented 1 year ago

Describe the bug

From the README.md:

Kernel Live Patching: Amazon Linux 2023 includes kernel live patching functionality. This enables you to patch critical and important security vulnerabilities in the Linux kernel without reboot or downtime. [Not available until AL2023 GA]

But the steps described in: https://docs.aws.amazon.com/linux/al2023/ug/live-patching.html cannot be completed.

To Reproduce

Steps to reproduce the behavior:

  1. Go to https://docs.aws.amazon.com/linux/al2023/ug/live-patching.html
  2. Try to follow the steps to "Enable Kernel Live Patching"

Expected behavior

Install the needed packages and enable the kpatch.service

sam-aws commented 1 year ago

Which part are you finding an issue with? If something isn't working, which AMI are you using?

I spun up a new AL2023 instance and the steps appear to work, e.g.

[ec2-user@ip-172-31-10-149 ~]$ sudo dnf kernel-livepatch -y auto
Last metadata expiration check: 0:00:17 ago on Thu Mar 23 15:53:34 2023.
Dependencies resolved.
===========================================================================================================================================================================
 Package                                                Architecture                    Version                                 Repository                            Size
===========================================================================================================================================================================
Installing:
 kernel-livepatch-6.1.15-28.43                          x86_64                          1.0-0.amzn2023                          amazonlinux                           12 k
...
Installed:
  kernel-livepatch-6.1.15-28.43-1.0-0.amzn2023.x86_64                                                                                                                      

Complete!
[ec2-user@ip-172-31-10-149 ~]$ sudo rpm -qa | grep kernel-livepatch
kernel-livepatch-repo-s3-2023.0.20230315-1.amzn2023.noarch
kernel-livepatch-6.1.15-28.43-1.0-0.amzn2023.x86_64

stewartsmith commented 1 year ago

Appears to work as documented. Please re-open if there's some more steps you can share on how to reproduce.
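
A check for the state shown in sam-aws's `rpm -qa` output, as an added example that is not part of the original thread or of the AWS documentation: it tells apart "live-patch package installed for the running kernel", "only the live-patch repo package installed", and "not enabled". It assumes the per-kernel package is named `kernel-livepatch-` plus `uname -r` with the `.amzn2023.<arch>` suffix removed; the function name `livepatch_status` is hypothetical and the kernel release strings used with it are constructed.

```shell
#!/bin/sh
# Added example: classify kernel live-patch coverage from a package list.
# Assumption: package name = kernel-livepatch-<uname -r minus ".amzn2023.<arch>">

# Package list copied from the rpm -qa output quoted in the thread.
SAMPLE_RPMS='kernel-livepatch-repo-s3-2023.0.20230315-1.amzn2023.noarch
kernel-livepatch-6.1.15-28.43-1.0-0.amzn2023.x86_64'

# livepatch_status KERNEL_RELEASE PACKAGE_LIST  (hypothetical helper)
#   KERNEL_RELEASE: output of `uname -r`
#   PACKAGE_LIST:   output of `rpm -qa`, one package per line
livepatch_status() {
    krel=${1%%.amzn*}                    # 6.1.15-28.43.amzn2023.x86_64 -> 6.1.15-28.43
    want="kernel-livepatch-${krel}-"     # trailing "-" avoids matching 28.43 against 28.431
    repo=no
    pkg=
    while IFS= read -r line; do
        case $line in
            kernel-livepatch-repo-*) repo=yes ;;   # repo definition only, no patches
            "$want"*)                pkg=$line ;;  # patch package for this kernel
        esac
    done <<EOF
$2
EOF
    if [ -n "$pkg" ]; then
        echo "covered $pkg"
    elif [ "$repo" = yes ]; then
        echo "repo-only"      # repo enabled, but no package for the running kernel
    else
        echo "not-enabled"
    fi
}

# On a real instance: sh this-script.sh --live
if [ "${1:-}" = "--live" ]; then
    livepatch_status "$(uname -r)" "$(rpm -qa)"
fi
```

A `repo-only` result after a kernel update means the instance is running a kernel for which no live-patch package is installed yet.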