Select Page

How to live patch Ubuntu Linux Kernel without rebooting the server

How to live patch Ubuntu Linux Kernel without rebooting the server

Kernel live patching enables run time correction of critical security issues in running kernel without rebooting. How do I enable or patch my Ubuntu Linux16.04 LTS server without rebooting the box?

Ubuntu Linux version 16.04 LTS supports live patching for both enterprise and the #Ubuntu community members. The Canonical Live-patch Service is an authenticated, encrypted, signed stream of live-patch kernel modules for #Ubuntu servers, virtual machines and desktops.

On 20th October, 2016 Canonical officially announced the support for no reboot kernel patching, freely available on maximum three machines for a single user running 64-bit Intel/AMD #Ubuntu 16.04 LTS. Installing is really easy

sudo apt update 
sudo apt upgrade
sudo apt install snapd

Generate a livepatch key

In order to get started login and generate a key from the following url (a free account is needed):

After login you should see something like this

Enable live patching

sudo snap install canonical-livepatch
sudo canonical-livepatch enable

If everything went well you should read something like

Successfully enabled device. Using machine-token: 5e37xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

To view the status of the daemon

canonical-livepatch status –verbose

client-version: "6" machine-id: 6e2xxxxxxxxxxxxxxxxxxxxx machine-token: 0c38xxxxxxxxxxxxxxxxxxxxxxxxxxxx architecture: x86_64 cpu-model: Intel(R) Xeon(R) CPU           W3520  @ 2.67GHz last-check: 2017-02-17T10:18:14.094602474+01:00 boot-time: 2017-02-08T14:40:20+01:00 uptime: 211h38m28s status: - kernel: 4.4.0-62.83-generic   running: true   livepatch:     checkState: checked     patchState: nothing-to-apply     version: ""     fixes: ""

About The Author

Cédric Walter

I worked with various Insurances companies across Switzerland on online applications handling billion premium volumes. I love to continuously spark my creativity in many different and challenging open-source projects fueled by my great passion for innovation and blockchain technology.In my technical role as a senior software engineer and Blockchain consultant, I help to define and implement innovative solutions in the scope of both blockchain and traditional products, solutions, and services. I can support the full spectrum of software development activities, starting from analyzing ideas and business cases and up to the production deployment of the solutions.I'm the Founder and CEO of Disruptr GmbH.