Since I run several machines with LXD containers, keeping the host kernel up to date with security patches is especially important, because every container uses the host kernel. Canonical's Livepatch Service applies kernel patches live, without a reboot or restart, and is free for up to 3 machines. For this to work you need:
- Fully updated 64-bit Ubuntu 16.04 LTS (Xenial) running kernel 4.4 (GA) and not the optional HWE kernel which is at 4.8
- A free Ubuntu One account
To install and enable livepatching simply do:
- Go to https://ubuntu.com/livepatch, select “Ubuntu User”, and click “Get your Livepatch token” to retrieve your Livepatch token
- Install the service from the terminal
sudo snap install canonical-livepatch
- Enable the service with the token retrieved from step 1
sudo canonical-livepatch enable "Livepatch token from step 1"
- Check if the service is running
canonical-livepatch status --verbose

client-version: "7.21"
machine-id: 432b7728d2c94336325f494158288c1b
machine-token: ec2a887cc4ff40edbfaa590cd73f9266
architecture: x86_64
cpu-model: QEMU Virtual CPU version (cpu64-rhel6)
last-check: 2017-04-13T12:56:36.992+02:00
boot-time: 2017-04-13T12:56:21+02:00
uptime: 2m43s
status:
- kernel: 4.4.0-72.93-generic
  running: true
  livepatch:
    checkState: checked
    patchState: nothing-to-apply
    version: ""
    fixes: ""
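
With several container hosts, it helps to turn that status output into a pass/fail check you can run from cron or a monitoring agent. The script below is an added example, not part of Canonical's tooling: the function names and the sample text are made up for illustration, and treating `applied` as a healthy `patchState` alongside the `nothing-to-apply` value shown above is an assumption.

```shell
# Succeed only for the 4.4 GA kernel series required above (not HWE 4.8).
kernel_supported() {
    case "$1" in 4.4.*) return 0 ;; *) return 1 ;; esac
}

# Read status text on stdin; print the first value stored under key $1.
status_field() {
    awk -v key="$1" '
        { line = $0; sub(/^[- ]+/, "", line) }
        index(line, key ":") == 1 {
            val = substr(line, length(key) + 2)
            gsub(/^ +| +$/, "", val); print val; exit
        }'
}

# Read status text on stdin; print one OK/WARN line, return 0 only if healthy.
livepatch_health() {
    status=$(cat)
    kernel=$(printf '%s\n' "$status" | status_field kernel)
    running=$(printf '%s\n' "$status" | status_field running)
    check=$(printf '%s\n' "$status" | status_field checkState)
    patch=$(printf '%s\n' "$status" | status_field patchState)
    if ! kernel_supported "$kernel"; then
        echo "WARN kernel=$kernel is not in the 4.4 GA series"; return 1
    fi
    if [ "$running" != "true" ] || [ "$check" != "checked" ]; then
        echo "WARN kernel=$kernel running=$running checkState=$check"; return 1
    fi
    case "$patch" in
        # "applied" is assumed to be the state reported once a patch is loaded
        applied|nothing-to-apply) echo "OK kernel=$kernel patchState=$patch" ;;
        *) echo "WARN kernel=$kernel patchState=$patch"; return 1 ;;
    esac
}

# Constructed sample, modelled on the status output shown above.
sample_status() {
    cat <<'EOF'
status:
- kernel: 4.4.0-72.93-generic
  running: true
  livepatch:
    checkState: checked
    patchState: nothing-to-apply
EOF
}

sample_status | livepatch_health
```

On a real host, pipe the live output in instead: `canonical-livepatch status --verbose | livepatch_health`, and alert on a non-zero exit code.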