Ubuntu Canonical Livepatch Service

Since I run several machines with LXD containers, keeping the host kernel up to date with security patches is especially important, because every container shares the host kernel. Canonical's Livepatch Service applies kernel patches live, without a reboot or restart, and is free for up to 3 machines. For this to work you need:

  • Fully updated 64-bit Ubuntu 16.04 LTS (Xenial) running kernel 4.4 (GA) and not the optional HWE kernel which is at 4.8
  • A free Ubuntu One account

To install and enable livepatching simply do:

  1. Go to https://ubuntu.com/livepatch and select “Ubuntu User” and click “Get your Livepatch token” to retrieve your livepatch token
  2. In the terminal install the service
    sudo snap install canonical-livepatch
  3. Enable the service with the token retrieved from step 1
    sudo canonical-livepatch enable "Livepatch token from step 1"
  4. Check if the service is running
    canonical-livepatch status --verbose
    client-version: "7.21"
    machine-id: 432b7728d2c94336325f494158288c1b
    machine-token: ec2a887cc4ff40edbfaa590cd73f9266
    architecture: x86_64
    cpu-model: QEMU Virtual CPU version (cpu64-rhel6)
    last-check: 2017-04-13T12:56:36.992+02:00
    boot-time: 2017-04-13T12:56:21+02:00
    uptime: 2m43s
    status:
    - kernel: 4.4.0-72.93-generic
      running: true
      livepatch:
        checkState: checked
        patchState: nothing-to-apply
        version: ""
        fixes: ""
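
With several LXD hosts, the status check from step 4 is worth automating. The following is an added example, not part of the original post or of Canonical's tooling: it parses the `status --verbose` output shown above and flags a host whose kernel entry is not running, not checked, or not in a healthy patch state. The function names are hypothetical, and treating `applied` as healthy alongside the `nothing-to-apply` state shown above is an assumption, as is a single kernel entry.

```shell
#!/bin/sh
# Added example: evaluate `canonical-livepatch status --verbose` output.
# livepatch_health (hypothetical name) reads the status text on stdin and prints
#   OK <kernel> <patchState>    or    WARN <kernel> <reason>
# Exit code 0 = healthy, 1 = needs attention.
# Assumes one kernel entry, as in the output shown on this page.
livepatch_health() {
    awk '
        $1 == "-" && $2 == "kernel:" { kernel = $3 }
        $1 == "running:"             { running = $2 }
        $1 == "checkState:"          { check = $2 }
        $1 == "patchState:"          { patch = $2 }
        END {
            if (kernel == "")       { print "WARN unknown no-kernel-entry"; exit 1 }
            if (running != "true")  { print "WARN " kernel " not-running"; exit 1 }
            if (check != "checked") { print "WARN " kernel " checkState=" check; exit 1 }
            # "applied" is assumed healthy; "nothing-to-apply" is from the page.
            if (patch != "applied" && patch != "nothing-to-apply") {
                print "WARN " kernel " patchState=" patch; exit 1
            }
            print "OK " kernel " " patch
        }'
}

# Constructed sample input, trimmed from the status output in step 4.
sample_status() {
    cat <<'EOF'
status:
- kernel: 4.4.0-72.93-generic
  running: true
  livepatch:
    checkState: checked
    patchState: nothing-to-apply
EOF
}

# Pass --live to check this host; otherwise the constructed sample is used.
if [ "${1:-}" = "--live" ]; then
    canonical-livepatch status --verbose | livepatch_health
else
    sample_status | livepatch_health
fi
```

Run with `--live` from cron or a monitoring agent on each host and alert on a non-zero exit code.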
