Announcement

Collapse
No announcement yet.

Canonical Rolls Out Its Own Kernel Livepatching Service For Ubuntu

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by uid313 View Post
    Ubuntu should have easier kernel naming.
    They name 4.8.0-22-24. What does that even mean?
    I heard it is even 4.8.1 even though the name tells otherwise?
    I am so confused!
    you have the change log the last one ubuntu kernel 4.8.0-25-xx is based in linux 4.8.1

    Comment


    • #22

      Code:
      :~$ sudo canonical-livepatch enable ___2016/10/19 11:09:41 Error executing enable?auth-token=___. Connection to the daemon failed: Put http://127.0.0.1/enable?auth-token=___: dial unix /var/snap/canonical-livepatch/15/livepatchd-priv.sock: connect: no such file or directory :~$ canonical-livepatch status Connection to the daemon failed: Get http://127.0.0.1/status?verbose=false: dial unix /var/snap/canonical-livepatch/15/livepatchd.sock: connect: no such file or directory
      There is something I'm doing wrong...

      Comment


      • #23
        https://ubuntuforums.org/showthread.php?t=2340494

        Comment


        • #24
          I understand why some people are afraid to reset their servers. But to be frank, if you don't have a redundant solution for customer facing applications, perhaps you are doing something wrong. And perhaps if you are paying someone money so you don't have to 'reset' the computer perhaps there is also something wrong happening. I understand the real world, but it seems like the per node pricing is a tad on the appeal to lazy deep pockets.

          Comment


          • #25
            So as a Ubuntu desktop user, what kind of functionality I could patch without rebooting? I guess it won't work for something like kernel 4.8 -> 4.9 display drivers?

            Comment


            • #26
              Excuse my ignorance in this area, but wouldn't it be possible to accomplish the same thing with kexec and hibernate?

              Comment


              • #27
                Originally posted by pcxmac View Post
                I understand why some people are afraid to reset their servers. But to be frank, if you don't have a redundant solution for customer facing applications, perhaps you are doing something wrong. And perhaps if you are paying someone money so you don't have to 'reset' the computer perhaps there is also something wrong happening. I understand the real world, but it seems like the per node pricing is a tad on the appeal to lazy deep pockets.
                This service makes a lot of sense here since you would buy the service only for those machines that you can't reboot regularly.

                Comment


                • #28
                  Originally posted by peppercats View Post
                  Excuse my ignorance in this area, but wouldn't it be possible to accomplish the same thing with kexec and hibernate?
                  kexec isn't the best tool as it is basically a soft reboot.
                  • Memory of the currently running kernel is overwritten by the new kernel, while the old one is still executing.
                  • The new kernel will usually expect all hardware devices to be in a well defined state, in which they are after a system reboot because the system firmware resets them to a "sane" state. Bypassing a real reboot may leave devices in an unknown state, and the new kernel will have to recover from that.


                  Also, these implementations are supposed to patch the kernel without blowing up applications that are still using the features being patched, with a kexec you would risk blowing them up.

                  Comment


                  • #29
                    Although I'm just another ordinary desktop user, I signed up anyway for the piece-of-mind.

                    Comment


                    • #30
                      Originally posted by F.Ultra View Post

                      How do you manage to see this as vendor lock in?
                      If I am not mistaking canonical livepatch require a key of some sort, These kinds of things should be totally transparent.

                      http://www.dirtcellar.net

                      Comment

                      Working...
                      X