Rh ftw!
Anything you can do... I can better...
and anything you can do sucks because we (effectively) own the kernel!!
RH FTW!
Announcement
Collapse
No announcement yet.
Red Hat Intros Kpatch For Dynamic Kernel Patching
Collapse
X
-
Originally posted by svanheulenI never really understood why anyone would want to do this. I would think, even on systems that need to maximize up time, you would want to do scheduled maintenance once in a while. This way you know exactly how the system will behave on shutdown/startup so when unintended downtime occurs you aren't blindsided by something odd.
1: Incident response -- (we're down, being actively exploited, etc, etc)
2: Emergency change -- (we could go down, are vulnerable, etc etc)
3: Scheduled change -- (we want to waste as much time, resources, and money possible prior to any change being made)
Kpatch fits nicely into number 1 and 2. Rebooting a new kernel is not a quick option as you would literally have to restart ~1000 servers, which means there's 1000 opportunities for something to go wrong. Perhaps an NFS mount fails, perhaps a disk is full that didn't have an alert set, perhaps the bosons and errors invade.
Leave a comment:
-
Originally posted by svanheulenI never really understood why anyone would want to do this. I would think, even on systems that need to maximize up time, you would want to do scheduled maintenance once in a while. This way you know exactly how the system will behave on shutdown/startup so when unintended downtime occurs you aren't blindsided by something odd.
Does anyone knows the main differences/advantages between the three proposed systems?
Leave a comment:
-
Originally posted by Sonadow View PostKsplice, Kgraft and now Kpatch.
NIH syndrome at its best. And i'll bet that Kpatch eventually gets upstreamed just because it's from Red Hat.
We must observe this phenomena closely!
Leave a comment:
-
Guest repliedOriginally posted by Sonadow View PostKsplice, Kgraft and now Kpatch.
NIH syndrome at its best. And i'll bet that Kpatch eventually gets upstreamed just because it's from Red Hat.
I would not be surprised if the code that will be merged upstream would not contain parts from both kgraft an kpatch.
Leave a comment:
-
Ksplice, Kgraft and now Kpatch.
NIH syndrome at its best. And i'll bet that Kpatch eventually gets upstreamed just because it's from Red Hat.
Leave a comment:
-
inb4 both RH and Suse solutions get upstream, and a rootkit uses each to patch the other out at runtime.
Leave a comment:
-
Red Hat Intros Kpatch For Dynamic Kernel Patching
Phoronix: Red Hat Intros Kpatch For Dynamic Kernel Patching
Red Hat's latest open-source contribution to the Linux community is Kpatch, yet another means of dynamic patching for the Linux kernel...
Tags: None
Leave a comment: