Live kernel patching from Canonical now available for Ubuntu 16.04 LTS

Tom Callway

on 20 October 2016

Tags: kernel , livepatch

This article is more than 8 years old.


We are delighted to announce the availability of a new service for Ubuntu which any user can enable on their current installations – the Canonical Livepatch Service.

This new live kernel patching service can be used on any Ubuntu 16.04 LTS system (using the generic Linux 4.4 kernel) to minimise unplanned downtime and maintain the highest levels of security.

First a bit of background…

Since the release of the Linux 4.0 kernel about 18 months ago, users have been able to patch and update their kernel packages without rebooting. However, until now, no other Linux distribution has offered this feature for free to their users. That changes today with the release of the Canonical Livepatch Service:

  • The Canonical Livepatch Service is available for free to all users up to 3 machines.
  • If you want to enable the Canonical Livepatch Service on more than three machines, please purchase an Ubuntu Advantage support package from buy.ubuntu.com or get in touch.

Beyond securing your desktop, server, IoT device or virtual guest, the Canonical Livepatch Service is particularly useful in container environments since every container will share the same kernel.

“Kernel live patching enables runtime correction of critical security issues in your kernel without rebooting. It’s the best way to ensure that machines are safe at the kernel level, while guaranteeing uptime, especially for container hosts where a single machine may be running thousands of different workloads,” says Dustin Kirkland, Ubuntu Product and Strategy for Canonical.

Here’s how to enable the Canonical Livepatch Service today

First, go to the Canonical Livepatch Service portal and retrieve your livepatch token.

Next, install the livepatch ‘Snap’ using the first command below, and then enable your account using the token obtained in the second command below:

sudo snap install canonical-livepatch
sudo canonical-livepatch enable [Token]

That’s it! You’ve just enabled kernel live patching for your Ubuntu system, and you can do that, for free, on two more installations! However, if you want to enable the Canonical Livepatch Service on more than three systems you’ll need to purchase an Ubuntu Advantage support package from as little as $12 per month.

Need a bit more help?

Here’s a quick video to guide you through the steps in less than a minute:

For further details on the Canonical Livepatch Service please read Dustin Kirkland’s useful list of FAQs.

Ubuntu cloud

Ubuntu offers all the training, software infrastructure, tools, services and support you need for your public and private clouds.

Newsletter signup

Get the latest Ubuntu news and updates in your inbox.

By submitting this form, I confirm that I have read and agree to Canonical's Privacy Policy.

Related posts

An overview of live kernel patching

Learn how Canonical improves security on Linux with live kernel patching. Track Livepatch activity over time in Landscape.

Ubuntu Livepatch on-prem reduces downtime and unplanned work on enterprise environments!

London, United Kingdom – Canonical announces Ubuntu Livepatch on-prem, an enhancement to its Ubuntu Livepatch service enabling organisations to take control...

Linux kernel Livepatching

Ubuntu Livepatch is the service and the software that enables organizations to quickly patch vulnerabilities on the Ubuntu Linux kernels. Livepatch provides...