AL2023 kernel changes from Amazon Linux 1 (AL1)
Kernel Live Patching
Both AL2023 and AL2 add support for kernel live-patching functionality. This allows you to patch critical and important security vulnerabilities in the Linux kernel without reboot or downtime. For more information, see Kernel Live Patching on AL2023.
Kernel file system support
There have been several changes in the file systems that the kernel in AL1 will support mounting, along with changes in the partitioning schemes that the kernel will parse.
CONFIG option |
AL1/4.14/x86_64 | AL2023/6.1/aarch64 | AL2023/6.1/x86_64 |
|---|---|---|---|
| CONFIG_AFS_FS |
m
|
n
|
n
|
| CONFIG_AF_RXRPC |
m
|
n
|
n
|
| CONFIG_BSD_DISKLABEL |
y
|
n
|
n
|
| CONFIG_CRAMFS |
m
|
n
|
n
|
| CONFIG_CRAMFS_BLOCKDEV | N/A | N/A | N/A |
| CONFIG_DM_CLONE | N/A |
n
|
n
|
| CONFIG_DM_ERA |
n
|
n
|
n
|
| CONFIG_DM_INTEGRITY |
m
|
m
|
m
|
| CONFIG_DM_LOG_WRITES |
n
|
m
|
m
|
| CONFIG_DM_SWITCH |
n
|
n
|
n
|
| CONFIG_DM_VERITY |
n
|
n
|
n
|
| CONFIG_ECRYPT_FS |
m
|
n
|
n
|
| CONFIG_EXFAT_FS | N/A |
m
|
m
|
| CONFIG_EXT2_FS |
m
|
n
|
n
|
| CONFIG_EXT3_FS |
m
|
n
|
n
|
| CONFIG_GFS2_FS |
n
|
n
|
n
|
| CONFIG_HFSPLUS_FS |
m
|
n
|
n
|
| CONFIG_HFS_FS |
m
|
n
|
n
|
| CONFIG_JFS_FS |
m
|
n
|
n
|
| CONFIG_LDM_PARTITION |
y
|
n
|
n
|
| CONFIG_MAC_PARTITION |
y
|
n
|
n
|
| CONFIG_NFS_V2 |
m
|
n
|
n
|
| CONFIG_NTFS_FS |
m
|
n
|
n
|
| CONFIG_ROMFS_FS |
m
|
n
|
n
|
| CONFIG_SOLARIS_X86_PARTITION |
y
|
n
|
n
|
| CONFIG_SQUASHFS_ZSTD |
y
|
y
|
y
|
| CONFIG_SUN_PARTITION |
y
|
n
|
n
|
Security focused kernel config changes
CONFIG option |
AL1/4.14/x86_64 | AL2023/6.1/aarch64 | AL2023/6.1/x86_64 |
|---|---|---|---|
| CONFIG_BUG_ON_DATA_CORRUPTION |
y
|
y
|
y
|
| CONFIG_DEFAULT_MMAP_MIN_ADDR |
4096
|
65536
|
65536
|
| CONFIG_DEVMEM |
y
|
n
|
n
|
| CONFIG_DEVPORT |
y
|
n
|
n
|
| CONFIG_FORTIFY_SOURCE |
y
|
y
|
y
|
| CONFIG_HARDENED_USERCOPY_FALLBACK | N/A | N/A | N/A |
| CONFIG_INIT_ON_ALLOC_DEFAULT_ON | N/A |
n
|
n
|
| CONFIG_INIT_ON_FREE_DEFAULT_ON | N/A |
n
|
n
|
| CONFIG_IOMMU_DEFAULT_DMA_STRICT | N/A |
n
|
n
|
| CONFIG_LDISC_AUTOLOAD |
y
|
n
|
n
|
| CONFIG_SCHED_CORE | N/A | N/A |
y
|
| CONFIG_SCHED_STACK_END_CHECK |
y
|
y
|
y
|
| CONFIG_SECURITY_DMESG_RESTRICT |
n
|
y
|
y
|
| CONFIG_SECURITY_SELINUX_DISABLE |
y
|
n
|
n
|
| CONFIG_SHUFFLE_PAGE_ALLOCATOR | N/A |
y
|
y
|
| CONFIG_SLAB_FREELIST_HARDENED |
y
|
y
|
y
|
| CONFIG_SLAB_FREELIST_RANDOM |
n
|
y
|
y
|
Other kernel configuration changes
CONFIG option |
AL1/4.14/x86_64 | AL2023/6.1/aarch64 | AL2023/6.1/x86_64 |
|---|---|---|---|
| CONFIG_HZ |
250
|
100
|
100
|
| CONFIG_NR_CPUS |
8192
|
512
|
512
|
| CONFIG_PANIC_ON_OOPS |
n
|
y
|
y
|
| CONFIG_PANIC_ON_OOPS_VALUE |
0
|
1
|
1
|
| CONFIG_PPP |
m
|
n
|
n
|
| CONFIG_SLIP |
m
|
n
|
n
|
| CONFIG_XEN_PV |
y
|
N/A |
n
|