With Ubuntu 18.04 LTS Canonical is making it super easy to take advantage of Linux kernel live patching.
Live patching lets you install and apply critical Linux kernel security updates without rebooting your system.
This means you can keep your computer safe at kernel level without any impact on your uptime or productivity.
Live patching is pretty fast, too. Most kernel fixes apply in seconds, and without any interference to whatever it is you’re doing.
‘You can hold-off on rebooting without holding-out on the latest Linux kernel security patches’
Essential on servers, but available for desktop too
On Linux servers live kernel patching is, naturally, a massive boon. It reduces downtime and maintenance costs while improving overall security and service reliability.
You don’t need to be managing servers and systems that have to be accessible and available at all times to know that live patching is something of a no-brainer.
On the Linux desktop live kernel patching is …Well, it’s a little less essential.
In short, it will allow you to be lazy and/or hit your all-time best up-time goal. You can hold-off on rebooting without holding-out on benefiting from the latest Linux kernel security patches.
There are some things that live patching won’t do¹, like install and enable new graphics drivers, swap out major modules, or seamlessly transition you to an all-new Linux kernel branch.
But it is useful enough to be worth enabling.
‘The ‘Canonical Livepatch Service’ is free to use on up to 3 machines’
Enable Canonical Livepatch on Ubuntu 18.04 LTS
You can make use of live patch on Ubuntu 14.04 LTS and 16.04 LTS, both desktop and server, via the command line.
For desktop users in particular Ubuntu 18.04 LTS makes it even easier to enable live kernel patching on Ubuntu thanks to the following new option in Software & Updates:
You no longer have to use the command line or fetch a token manually. Instead, just pop open the ‘Software & Updates’ utility, head to the ‘updates’ tab, and sign in with your Ubuntu One account.
Signing in will automatically fetch a “token” that lets you use the service for free (see caveats below). When authorised, just tick the ‘Use Canonical live patch to increase security between restarts’ option and you’re done.
The ‘Canonical Livepatch Service‘ is free to use for desktop users, albeit on a maximum of 3 machines per Ubuntu One account.
To use it across more than 3 machines, e.g., enterprise databases, virtual/cloud hosts, and infrastructural services running on Ubuntu, you’ll have to talk to Canonical about becoming an Ubuntu Advantage customer.
Although live Linux kernel patching isn’t something most desktop users will find essential — reboots on modern systems don’t take long — it’s great to see Canonical making it easier for those who need it to opt-in with less effort.
Improved security for all Ubuntu users is always a good thing.
Big thanks Maximilian L.