ernel live patching enables runtime correction of critical security
issues in your kernel without rebooting. It’s the best way to ensure
that machines are safe at the kernel level, while guaranteeing uptime,
especially for container hosts where a single machine may be running
thousands of different workloads.
We’re very pleased to announce that this new enterprise, commercial
service from Canonical will also be available free of charge to the
Ubuntu community.
The Canonical Livepatch Service is an authenticated, encrypted, signed stream of livepatch kernel modules for Ubuntu servers, virtual machines and desktops.
Community users of Ubuntu are welcome to enable the Canonical Livepatch Service on 3 systems running 64-bit Intel/AMD Ubuntu 16.04
LTS. (To enable the Canonical Livepatch Service on more than 3 systems, please see
http://ubuntu.com/advantage for commercial support subscriptions starting at $12 per month.)
On an up-to-date, 64-bit Ubuntu 16.04 LTS system, you can enable the Canonical Livepatch Service today in 3 simple steps:
(1) Go to
https://ubuntu.com/livepatch and retrieve your livepatch token, for example: d3b07384d213edec49eaa6238ad5ff00
(2) Install the livepatch snap, like this:
$ sudo snap install canonical-livepatch
(3) Enable your account with the token from step 1
$ sudo canonical-livepatch enable d3b07384d113edec49eaa6238ad5ff00
That’s it. You’re up and running! You can check your status at any time with:
$ canonical-livepatch status
kernel: 4.4.0-38.57-generic
fully-patched: true
version: "12.2"
Now your kernel will remain securely patched, and you can reboot when it’s convenient for you.
For more detailed technical information, screenshots, and a demo, see my blog post at:
*
http://blog.dustinkirkland.com/2016/10/canonical-livepatch.htmlAnd see the official landing page at:
*
http://www.ubuntu.com/server/livepatchCheers,
Dustin Kirkland
(on behalf of dozens of my colleagues at Canonical who are the brains and brawn behind this amazing work! )