How to enable free 'Canonical Livepatch Service' for Linux kernel live-patching on Ubuntu
Linux 4.0 introduced a wonderful feature for those that need insane up-time -- the ability to patch the kernel without rebooting the machine. While this is vital for servers, it can be beneficial to workstation users too. Believe it or not, some home users covet long up-time simply for fun -- bragging rights, and such.
If you are an Ubuntu 16.04 LTS user (with generic Linux kernel 4.4) and you want to take advantage of this exciting feature, I have good news -- it is now conveniently available for free! Unfortunately, this all-new Canonical Livepatch Service does have a catch -- it is limited to three machines per user. Of course, home users can register as many email addresses as they want, so it is easy to get more if needed. Businesses can pay for additional machines through Ubuntu Advantage. Want to give it a go? Read on.
"Since the release of the Linux 4.0 kernel about 18 months ago, users have been able to patch and update their kernel packages without rebooting. However, until now, no other Linux distribution has offered this feature for free to their users. That changes today with the release of the Canonical Livepatch Service", says Tom Callway, Director of Cloud Marketing, Canonical.
Dustin Kirkland, Ubuntu Product and Strategy for Canonical explains, "kernel live patching enables runtime correction of critical security issues in your kernel without rebooting. It’s the best way to ensure that machines are safe at the kernel level, while guaranteeing uptime, especially for container hosts where a single machine may be running thousands of different workloads".
Ready to enable it on your home machine? To do so, you can watch the following video. If you prefer text-based instructions, you can find them below the video. Remember, it is only available for Ubuntu 16.04 LTS -- if you are on 16.10, it will not work.
The first thing you must do is get a token here. This requires an Ubuntu One account. If you already have such an account, you can sign in. If you do not yet have one, you can register now -- don't worry, it is free.
Once you have your token, you will want to enter the following commands in Terminal. Obviously, you must replace [Token] with your actual token.
sudo snap install canonical-livepatch
sudo canonical-livepatch enable [Token]
There you have it folks. Your home machine will now get live kernel patches -- no reboots needed. How cool is that?