Installing or upgrading packages in Linux distributions does not normally require rebooting your system, except for the Linux kernel and drivers. But since Linux 4.0 kernel, Live Kernel patching is possible, meaning Linux kernel updates can be performed without having to reboot your server or computer. Canonical is now taking advantage of this new feature with their Livepatch Service available for Ubuntu 16.04 LTS and greater.
If you want to enable it on your machine, you’ll have to authenticate to Livepatch portal to get a key / token for the service as shown in the screenshot above.
Now you can install the service:
sudo snap install canonical-livepatch
and enable it with your token:
sudo canonical-livepatch enable [your-token]
Successfully enabled device. Using machine-token: [your-token]
That’s it. Your can check Livepatch service status with the command:
canonical-livepatch status --verbose
cpu-model: AMD FX(tm)-8350 Eight-Core Processor
- kernel: 4.4.0-45.66-generic
In my case, an update was not necessary, but if there’s one you should see something like:
fixes: '* CVE-2012-6828'
That way you can make sure your system always have the latest security patchsets. This is mostly useful for servers, but it might not be a bad idea to enabled for your computer too, especially it’s free for end-users for up to 3 machines. Companies need to apply to Ubuntu Advantage for business to support more machines.
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.