Ubuntu Canonical Livepatch Service


Since I am running several machines with LXD containers, it is extra important to keep the host kernel up to date with security patches, since every container uses the host kernel. Canonical's Livepatch Service enables live patching without a reboot / restart, for free for up to 3 machines.

Notice: Once a livepatch passes Ubuntu’s internal test, it is rolled out on a canary testing basis, first to a tiny percentage of the Ubuntu Community users of the Canonical Livepatch Service - the free tier of this service. If you do not want the risk of ending up being a guinea pig, you need to pay for the service.

For this to work you need:

To install and enable livepatching simply do:

  1. Go to https://ubuntu.com/livepatch, select “Ubuntu User” and click “Get your Livepatch token” to retrieve your livepatch token
  2. In the terminal, install the service

         $ sudo snap install canonical-livepatch

  3. Enable the service with the token retrieved in step 1

         $ sudo canonical-livepatch enable "Livepatch token from step 1"

  4. Check that the service is running

         $ canonical-livepatch status --verbose
         client-version: "7.21"
         machine-id: 432b7728d2c94336325f494158288c1b
         machine-token: ec2a887cc4ff40edbfaa590cd73f9266
         architecture: x86_64
         cpu-model: QEMU Virtual CPU version (cpu64-rhel6)
         last-check: 2017-04-13T12:56:36.992+02:00
         boot-time: 2017-04-13T12:56:21+02:00
         uptime: 2m43s
         status:
         - kernel: 4.4.0-72.93-generic
           running: true
           livepatch:
             checkState: checked
             patchState: nothing-to-apply
             version: ""
             fixes: ""
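
A health check over this status output, useful when several LXD hosts need to be monitored; this is an added example, not part of the original post. It assumes `applied` is the state reported once a patch is loaded (the output above shows only `nothing-to-apply`), and `livepatch_health` and `sample_status` are hypothetical names.

```shell
# Added example (not from the original post).
# Usage on a host: canonical-livepatch status --verbose | livepatch_health

# Reads status text on stdin, prints one verdict line per kernel entry and
# returns 0 only if every entry is running, checked and has no pending patch.
livepatch_health() {
    awk '
    function report() {
        if (!seen) return
        # "applied" is an assumed healthy state; the page shows nothing-to-apply.
        ok = (running == "true" && check == "checked" &&
              (patch == "nothing-to-apply" || patch == "applied"))
        printf "%s %s check=%s patch=%s\n", (ok ? "OK" : "WARN"), kernel, check, patch
        if (!ok) bad = 1
        running = check = patch = ""
    }
    {   # Drop indent and list dash, then split at the first colon.
        line = $0
        sub(/^[ \t-]+/, "", line)
        i = index(line, ":")
        if (i == 0) next
        key = substr(line, 1, i - 1)
        val = substr(line, i + 1)
        gsub(/^[ \t"]+|[ \t"]+$/, "", val)
    }
    key == "kernel"     { report(); kernel = val; seen = 1 }
    key == "running"    { running = val }
    key == "checkState" { check = val }
    key == "patchState" { patch = val }
    END {
        report()
        if (!seen) { print "WARN no kernel entry found"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample, modelled on the status output shown above.
sample_status() {
    cat <<'EOF'
status:
- kernel: 4.4.0-72.93-generic
  running: true
  livepatch:
    checkState: checked
    patchState: nothing-to-apply
EOF
}

sample_status | livepatch_health
```

The non-zero exit status on any `WARN` line lets the function be called from cron or a monitoring agent without parsing its text output.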
    
