16.04 Server with Canonical Livepatch Service requires restart - Ask Ubuntu


i'm no means sysadmin, maybe simple oversight. isn't whole point of livepatch service prevent mission-critical servers having restart after kernel update?

livepatch on google cloud compute server in question has been installed since october 18th. before installing livepatch service, performed 1 last restart.

this i'm presented upon login:

login as: ubuntu authenticating public key "key" agent welcome ubuntu 16.04.1 lts (gnu/linux 4.4.0-45-generic x86_64)   * documentation:  https://help.ubuntu.com  * management:     https://landscape.canonical.com  * support:        https://ubuntu.com/advantage  cloud support ubuntu advantage cloud guest:   http://www.ubuntu.com/business/services/cloud  1 package can updated. 0 updates security updates.  *** system restart required *** last login: tue nov  1 09:57:46 2016 x.x.x.x

if check status of livepatch service, looks fine:

ubuntu@server:~$ canonical-livepatch status kernel: 4.4.0-45.66-generic fully-patched: true version: ""

anything else need doing prevent these required restarts? there other packages need full restart? packages managed through ubuntu's own package manager.

here can find lengthy faq ubuntu live patch: http://blog.dustinkirkland.com/2016/10/canonical-livepatch.html copied questions of interest you:

q: kinds of updates provided canonical livepatch service?

a: canonical livepatch service intended address high , critical severity linux kernel security vulnerabilities, identified ubuntu security notices , cve database. note there limitations kernel livepatch technology -- linux kernel code paths cannot safely patched while running. our best supply canonical livepatches high , critical vulnerabilities in timely fashion whenever possible. there may occasions when traditional kernel upgrade , reboot might still necessary. we’ll communicate through usual mechanisms -- usns, landscape, desktop notifications, byobu, /etc/motd, etc.

q: non-security bug fixes, stability, performance, or hardware enablement updates?

a: canonical continue provide linux kernel updates addressing bugs, stability issues, performance problems, , hardware compatibility on our usual cadence -- every 3 weeks. these updates can applied using ‘sudo apt update; sudo apt upgrade -y’, using desktop “software updates” application, or landscape systems management. these standard (non-security) updates still require reboot, have.


Comments

Post a Comment

Popular posts from this blog

download - Firefox cannot save files (most of the time), how to solve? - Super User

this not full duplicate of this question or this question , though base question same. however, questions have no answers. for on half year have problems downloading files firefox. when click on download link, download dialog opened asking me do, save or open it. immediately, there error/warning pop-up (twice, can see 1 @ first) ok button. looks this message : "c:\users\%user%\appdata\local\temp\wbbdv9k8.zip.part not saved because source file not read. try again later or contact server administrator." replace '%user%' name of user trying download. after closing pop-up, download dialog disappears , have minimize firefox , open again, see other pop-up. downloading exact same file internet explorer work, not desired. i tried solutions here . tried solutions here . tried disabling extensions. tried fixing permissions on temp folder. tried making files , folder in profile directory non-readonly. tried running firefox administrator. tried ...
Read more

windows - "-2146893807 NTE_NOT_FOUND" when repair certificate store - Super User

i try repair certificate store in windows 10 doing c:\windows\system32>certutil -store -user ‎330000019dba8d5dddb98062a900000000019d "personal" certutil: -store command failed: 0x80090011 (-2146893807 nte_not_found) certutil: object not found. i have double check mmc, certificate details serial number of certificate. still fail repair certificate store. can please help? i getting same error when trying export pfx. turns out had export c:\cert.pfx instead of cert.pfx (it trying export file cert store ( cert:\localmachine\my ).
Read more