Kernel Live Patching Kernel file system support Security focused kernel config changes Other kernel configuration changes

AL2023 kernel changes from Amazon Linux 1 (AL1)

Kernel Live Patching

Both AL2023 and AL2 add support for kernel live-patching functionality. This allows you to patch critical and important security vulnerabilities in the Linux kernel without reboot or downtime. For more information, see Kernel Live Patching on AL2023.

Kernel file system support

There have been several changes in the file systems that the kernel in AL1 will support mounting, along with changes in the partitioning schemes that the kernel will parse.

`CONFIG` option	AL1/4.14/x86_64	AL2023/6.1/aarch64	AL2023/6.1/x86_64	AL2023/6.12/aarch64	AL2023/6.12/x86_64
CONFIG_AFS_FS	`m`	`n`	`n`	`n`	`n`
CONFIG_AF_RXRPC	`m`	`n`	`n`	`n`	`n`
CONFIG_BSD_DISKLABEL	`y`	`n`	`n`	`n`	`n`
CONFIG_CRAMFS	`m`	`n`	`n`	`n`	`n`
CONFIG_CRAMFS_BLOCKDEV	N/A	N/A	N/A	N/A	N/A
CONFIG_DM_CLONE	N/A	`n`	`n`	`n`	`n`
CONFIG_DM_ERA	`n`	`n`	`n`	`n`	`n`
CONFIG_DM_INTEGRITY	`m`	`m`	`m`	`m`	`m`
CONFIG_DM_LOG_WRITES	`n`	`m`	`m`	`m`	`m`
CONFIG_DM_SWITCH	`n`	`n`	`n`	`n`	`n`
CONFIG_DM_VERITY	`n`	`n`	`n`	`n`	`n`
CONFIG_ECRYPT_FS	`m`	`n`	`n`	`n`	`n`
CONFIG_EXFAT_FS	N/A	`m`	`m`	`m`	`m`
CONFIG_EXT2_FS	`m`	`n`	`n`	`n`	`n`
CONFIG_EXT3_FS	`m`	`n`	`n`	`n`	`n`
CONFIG_GFS2_FS	`n`	`n`	`n`	`n`	`n`
CONFIG_HFSPLUS_FS	`m`	`n`	`n`	`n`	`n`
CONFIG_HFS_FS	`m`	`n`	`n`	`n`	`n`
CONFIG_JFS_FS	`n`	`n`	`n`	`n`	`n`
CONFIG_LDM_PARTITION	`y`	`n`	`n`	`n`	`n`
CONFIG_MAC_PARTITION	`y`	`n`	`n`	`n`	`n`
CONFIG_NFS_V2	`m`	`n`	`n`	`n`	`n`
CONFIG_NTFS_FS	`m`	`n`	`n`	`n`	`n`
CONFIG_ROMFS_FS	`m`	`n`	`n`	`n`	`n`
CONFIG_SOLARIS_X86_PARTITION	`y`	`n`	`n`	`n`	`n`
CONFIG_SQUASHFS_ZSTD	`y`	`y`	`y`	`y`	`y`
CONFIG_SUN_PARTITION	`y`	`n`	`n`	`n`	`n`

Security focused kernel config changes

`CONFIG` option	AL1/4.14/x86_64	AL2023/6.1/aarch64	AL2023/6.1/x86_64	AL2023/6.12/aarch64	AL2023/6.12/x86_64
CONFIG_BUG_ON_DATA_CORRUPTION	`y`	`y`	`y`	`y`	`y`
CONFIG_DEFAULT_MMAP_MIN_ADDR	`4096`	`65536`	`65536`	`65536`	`65536`
CONFIG_DEVMEM	`y`	`n`	`n`	`n`	`n`
CONFIG_DEVPORT	`y`	`n`	`n`	`n`	`n`
CONFIG_FORTIFY_SOURCE	`y`	`y`	`y`	`y`	`y`
CONFIG_HARDENED_USERCOPY_FALLBACK	N/A	N/A	N/A	N/A	N/A
CONFIG_INIT_ON_ALLOC_DEFAULT_ON	N/A	`n`	`n`	`n`	`n`
CONFIG_INIT_ON_FREE_DEFAULT_ON	N/A	`n`	`n`	`n`	`n`
CONFIG_IOMMU_DEFAULT_DMA_STRICT	N/A	`n`	`n`	`n`	`n`
CONFIG_LDISC_AUTOLOAD	`y`	`n`	`n`	`n`	`n`
CONFIG_SCHED_CORE	N/A	N/A	`y`	N/A	`y`
CONFIG_SCHED_STACK_END_CHECK	`y`	`y`	`y`	`y`	`y`
CONFIG_SECURITY_DMESG_RESTRICT	`n`	`y`	`y`	`y`	`y`
CONFIG_SECURITY_SELINUX_DISABLE	`y`	`n`	`n`	N/A	N/A
CONFIG_SHUFFLE_PAGE_ALLOCATOR	N/A	`y`	`y`	`y`	`y`
CONFIG_SLAB_FREELIST_HARDENED	`y`	`y`	`y`	`y`	`y`
CONFIG_SLAB_FREELIST_RANDOM	`n`	`y`	`y`	`y`	`y`

Other kernel configuration changes

`CONFIG` option	AL1/4.14/x86_64	AL2023/6.1/aarch64	AL2023/6.1/x86_64	AL2023/6.12/aarch64	AL2023/6.12/x86_64
CONFIG_HZ	`250`	`100`	`100`	`100`	`100`
CONFIG_NR_CPUS	`8192`	`4096`	`8192`	`4096`	`8192`
CONFIG_PANIC_ON_OOPS	`n`	`y`	`y`	`y`	`y`
CONFIG_PANIC_ON_OOPS_VALUE	`0`	`1`	`1`	`1`	`1`
CONFIG_PPP	`m`	`n`	`n`	`n`	`n`
CONFIG_SLIP	`m`	`n`	`n`	`n`	`n`
CONFIG_XEN_PV	`y`	N/A	`n`	N/A	`n`

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Comparing AL1 and AL2023

AL1 and AL2023 AMI comparison