Choose style:

Author Topic: Canonical enterprise kernel livepatch service, free to Ubuntu community [SOLVED]  (Read 1165 times)

0 Members and 1 Guest are viewing this topic.

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3876
  • Karma: 303
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
Hello Peppermint,

I received this is my email this afternoon, and I don't know what to make of it.  :-\

perknh

Canonical enterprise kernel livepatch service, free to Ubuntu community!
Inbox  x

Dustin Kirkland <kirkland@canonical.com>
2:02 PM (3 hours ago)

to ubuntu-announce
Kernel live patching enables runtime correction of critical security
issues in your kernel without rebooting. It’s the best way to ensure
that machines are safe at the kernel level, while guaranteeing uptime,
especially for container hosts where a single machine may be running
thousands of different workloads.

We’re very pleased to announce that this new enterprise, commercial
service from Canonical will also be available free of charge to the
Ubuntu community.

The Canonical Livepatch Service is an authenticated, encrypted, signed
stream of livepatch kernel modules for Ubuntu servers, virtual
machines and desktops.

Community users of Ubuntu are welcome to enable the Canonical
Livepatch Service on 3 systems running 64-bit Intel/AMD Ubuntu 16.04
LTS.  (To enable the Canonical Livepatch Service on more than 3
systems, please see http://ubuntu.com/advantage for commercial support
subscriptions starting at $12 per month.)

On an up-to-date, 64-bit Ubuntu 16.04 LTS system, you can enable the
Canonical Livepatch Service today in 3 simple steps:

(1) Go to https://ubuntu.com/livepatch and retrieve your livepatch
token, for example: d3b07384d213edec49eaa6238ad5ff00

(2) Install the livepatch snap, like this:
  $ sudo snap install canonical-livepatch

(3) Enable your account with the token from step 1
  $ sudo canonical-livepatch enable d3b07384d113edec49eaa6238ad5ff00

That’s it.  You’re up and running!  You can check your status at any time with:

  $ canonical-livepatch status
  kernel: 4.4.0-38.57-generic
  fully-patched: true
  version: "12.2"

Now your kernel will remain securely patched, and you can reboot when
it’s convenient for you.

For more detailed technical information, screenshots, and a demo, see
my blog post at:
 * http://blog.dustinkirkland.com/2016/10/canonical-livepatch.html

And see the official landing page at:
 * http://www.ubuntu.com/server/livepatch

Cheers,

Dustin Kirkland
(on behalf of dozens of my colleagues at Canonical who are the brains
and brawn behind this amazing work! )



--
ubuntu-announce mailing list
ubuntu-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-announce
« Last Edit: October 18, 2016, 06:01:20 pm by perknh »
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26280
  • Karma: 2855
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Canonical enterprise kernel livepatch service, free to Ubuntu community!
« Reply #1 on: October 18, 2016, 05:47:13 pm »
Is there a question there perknh ?
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Pjotr

  • Guest
Re: Canonical enterprise kernel livepatch service, free to Ubuntu community!
« Reply #2 on: October 18, 2016, 05:47:25 pm »
It's a cool thing to have when you're running a server, for which uptime is critical. The technology is absolutely astounding: it's like replacing an engine in a car while it's driving!

For desktop users it's not relevant at all. What does one more reboot matter?  :D

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3876
  • Karma: 303
  • Soy un huevo, nada más.
    • View Profile
  • Peppermint version(s): Peppermint 10
Re: Canonical enterprise kernel livepatch service, free to Ubuntu community!
« Reply #3 on: October 18, 2016, 05:59:51 pm »
Sorry, PCNetSpec, I didn't understand what it was.  I was wondering if it would be a handy thing to install or not.  I'm going to just let it be.  Yeah, Pjotr, one more reboot doesn't bother me at all.  ;)

Thank you, PCNetSpec and Pjotr. 

« Last Edit: October 18, 2016, 06:02:27 pm by perknh »
We're all Peppermint users and that's what matters  ;).  -- AndyInMokum

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26280
  • Karma: 2855
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Yeah as Pjotr suggests .. I wouldn't bother on a desktop.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec