Ubuntu Kernel Live Patching

You can now apply kernel patches on Ubuntu 16.04 LTS without rebooting by using the Canonical Live Patching service.

If you want to use this service in production, you need to be aware of the following.

* You can use Ubuntu live-patching for free on 3 servers, once you’ve created an SSO account.

* Judging from the video, the focus of live-patching appears to be on kernel security vulnerabilities, not on bug fixes (particularly data corruption) or newer kernel features.

* To quote from the FAQ: “Once a livepatch passes CI/CD and regression tests, it’s rolled out on a canary testing basis, first to a tiny percentage of the Ubuntu Community users of the Canonical Livepatch Service.”

* Quoting from the FAQ: “Ubuntu Community users of the Canonical Livepatch Service who want to eliminate the small chance of being randomly chosen as a canary should enroll in the Ubuntu Advantage program (starting at $12/month).”

* Security is only as strong as the weakest link. Low- and medium-level CVE alerts will not be patched.

* At present, you cannot roll back kernel live patches.

Obtain your TOKEN – Select Ubuntu User or Ubuntu Advantage customer (paid support)
https://auth.livepatch.canonical.com/

 $ sudo snap install canonical-livepatch
 $ sudo canonical-livepatch enable [TOKEN]
 $ canonical-livepatch status --verbose
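
To confirm, independently of the client's own status output, that a patch module is actually loaded and active, you can read the kernel's livepatch sysfs interface (`/sys/kernel/livepatch/<patch>/enabled`). The script below is an added example, not code from Canonical or the original post; the function name `livepatch_audit`, the `LIVEPATCH_SYSFS` override and the optional path argument are assumptions made so the check can also be run against a test directory.

```shell
#!/bin/sh
# Added example: audit loaded kernel live patches through the kernel's
# livepatch sysfs interface instead of trusting the client's report.
# LIVEPATCH_SYSFS and the path argument are hypothetical overrides for testing.

# Prints "<patch-name> enabled" or "<patch-name> disabled" per loaded patch.
# Returns 0 if at least one patch is enabled,
#         1 if patches are absent or all disabled,
#         2 if the kernel exposes no livepatch interface at all.
livepatch_audit() {
    root="${1:-${LIVEPATCH_SYSFS:-/sys/kernel/livepatch}}"
    if [ ! -d "$root" ]; then
        echo "no livepatch interface at $root" >&2
        return 2
    fi
    enabled=0
    for dir in "$root"/*/; do
        # Skip the unexpanded glob (no patches) and anything without the flag file.
        [ -f "${dir}enabled" ] || continue
        name=$(basename "$dir")
        if [ "$(cat "${dir}enabled")" = "1" ]; then
            echo "$name enabled"
            enabled=$((enabled + 1))
        else
            echo "$name disabled"
        fi
    done
    [ "$enabled" -gt 0 ]
}
```

Call `livepatch_audit` with no arguments on the patched host; a return code of 1 or 2 on a machine that is supposed to be enrolled is worth alerting on.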

http://blog.dustinkirkland.com/2016/10/canonical-livepatch.html
https://git.launchpad.net/~ubuntu-livepatch/+git/xenial-livepatches/
