Canonical Livepatch Service Automatically Updates Ubuntu 16.04 LTS (and later) with the Latest Kernel without Rebooting

Installing or upgrading packages in Linux distributions does not normally require rebooting your system, except for the Linux kernel and drivers. But since Linux 4.0 kernel, Live Kernel patching is possible, meaning Linux kernel updates can be performed without having to reboot your server or computer. Canonical is now taking advantage of this new feature with their Livepatch Service available for Ubuntu 16.04 LTS and greater.

If you want to enable it on your machine, you’ll have to authenticate to Livepatch portal to get a key / token for the service as shown in the screenshot above.

Now you can install the service:

sudo snap install canonical-livepatch

1	sudo snap install canonical-livepatch

and enable it with your token:

sudo canonical-livepatch enable [your-token]
Successfully enabled device. Using machine-token: [your-token]

1 2	sudo canonical-livepatch enable [your-token] Successfully enabled device. Using machine-token: [your-token]

That’s it. Your can check Livepatch service status with the command:

canonical-livepatch status --verbose
client-version: "5"
machine-id: [your-machine-id]
machine-token: [your-machine-token]
architecture: x86_64
cpu-model: AMD FX(tm)-8350 Eight-Core Processor
last-check: 2016-10-25T19:35:55.009247615+07:00
boot-time: 2016-10-25T09:00:09+07:00
uptime: 10h52m7s
status:
- kernel: 4.4.0-45.66-generic
  running: true
  livepatch:
    state: nothing-to-apply
    version: ""
    fixes: ""

canonical-livepatch status --verbose

client-version: "5"

machine-id: [your-machine-id]

machine-token: [your-machine-token]

architecture: x86_64

cpu-model: AMD FX(tm)-8350 Eight-Core Processor

last-check: 2016-10-25T19:35:55.009247615+07:00

boot-time: 2016-10-25T09:00:09+07:00

uptime: 10h52m7s

status:

- kernel: 4.4.0-45.66-generic

running: true

livepatch:

state: nothing-to-apply

version: ""

fixes: ""

In my case, an update was not necessary, but if there’s one you should see something like:

livepatch:
    state: applied
    version: "12.2"
    fixes: '* CVE-2012-6828'

livepatch:

state: applied

version: "12.2"

fixes: '* CVE-2012-6828'

That way you can make sure your system always have the latest security patchsets. This is mostly useful for servers, but it might not be a bad idea to enabled for your computer too, especially it’s free for end-users for up to 3 machines. Companies need to apply to Ubuntu Advantage for business to support more machines.

Jean-Luc Aufranc (CNXSoft)

Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.