[rdtsc]

> How many people want to run an updated kernel without known security vulnerabilities?

How many people call that "a custom kernel"? Haven't heard anybody call an upstream distro kernel update a "custom kernel".

Is this a typical conversation people have?

"Hey Jim, did you update the servers to get the latest OpenSSL security fixes? - Yap, I compiled and installed a custom kernel".

Maybe they need to run a better distro with faster security update response?

[jsmthrowaway]

It's specific to VM images. "Custom" here means "not baked into Xen," since your filesystem is not considered when spawning a domU kernel except in limited circumstances. In the Xen world, your kernel is provided by your hosting provider. You can apt-get all day and nothing will happen.

That is what custom means in this context. "Not yours." Read accordingly; you've made the same flawed point at several spots in this thread.

[rdtsc]

Ah, I understand now, thanks for explaining.

I thought they used KVM for some reason... But I guess if they use Xen they yeah, they are stuck with whatever kernel they get.

[DanielDent]

I've got both Xen & KVM systems under my care.

It's no longer true that Xen needs to mean managing the kernel outside the VM. PVGRUB can be specified as the 'kernel' to boot, which will chainload a grub which can be managed inside the VM, which lets you run any kernel you wish and manage the boot process as you would on a non-virtualized system.

Amazon uses Xen for their EC2 product, and as I understand they too now set people up with pvgrub.

[jsmthrowaway]

It's a slightly similar story under KVM in these scenarios. Customer kernels are trickier.

[rdtsc]

Depending on what kind of level of virtualization they opted for, I've run Windows on Linux under KVM. They are doing the "boot a kernel" mode instead of fully virtufalized hardware mode probably to save on resources.

[andrewsomething]

Just to confirm, we use KVM across our fleet at DO.

[danellis]

DO uses KVM.