Σχετ: canonical livepatch

kallinikos Evangelopoulos kallinikos2000 at yahoo.gr
Sat Nov 5 07:55:06 UTC 2016 

Thank you very much Dimitri, I think that settles things. Make the chance, thanks to everyone that helped me with this problem of mine.
Best regards,
Kall
 

    Στις 3:11 μ.μ. Παρασκευή, 4 Νοεμβρίου 2016, ο/η Dimitri John Ledkov <xnox at ubuntu.com> έγραψε:
 

 On 4 November 2016 at 12:44, kallinikos Evangelopoulos
<kallinikos2000 at yahoo.gr> wrote:
> Thanks very much for the answer. I just checked again, this time with
> --verbose and a reboot, as you suggest, and I got this:
>
> kernel: 4.4.0-45.66-generic
>  running: true
>  livepatch:
>    state: nothing-to-apply
>    version: ""
>    fixes: ""
>
> So, it does seem fine, except for the version again, which appears nowhere,
> unlike everyother instance I managed to see, even yours. Are you sure this
> does not pose a problem? It is strange, isn't it?
>

That doesn't seem strange to me. The version string should be that of
the livepatch kernel module to apply. Currently, there are no
livepatches applied or available to be applied, and hence the version
string is empty.
Note that multiple livepatch versions can be applied against a given
kernel. So, for example, if I don't reboot my machine, and there are
further livepatches released for my currently running kernel then my
version string will keep incrementing whilst the kernel version will
stay the same.

Does above make sense at all?

/me is very new to using livepatches too

Regards,

Dimitri.


> Regards,
>
> Kall
>
>
> Στις 1:29 μ.μ. Παρασκευή, 4 Νοεμβρίου 2016, ο/η Dimitri John Ledkov
> <xnox at ubuntu.com> έγραψε:
>
>
> Hello,
>
> On 4 November 2016 at 09:00, Christian Ehrhardt
> <christian.ehrhardt at canonical.com> wrote:
>> Hi,
>> just checked, with the same kernel mine still looks today like yours did
>> initially.
>> If run the status command with --verbose it will list the status it is in,
>> which might help seeing whats going on on your system.
>>
>
> Well if you reboot every day, then you boot the kernel which is fully
> patched - with all security (not just severe ones) and bugfixes. Such
> kernels are released at the same time as livepatches.
> I.e. if one can afford reboots, one is fully up to date.
>
> Plus this service is currently running for xenial only.
>
> I don't like rebooting my desktop. Hence I have:
>
> $ uptime
> 11:25:14 up 24 days,  7:20,  3 users,  load average: 3.15, 2.50, 2.20
>
> $ lsmod | grep live
> kpatch_livepatch_Ubuntu_4_4_0_38_57_generic_13    49152  1
>
> $ sudo canonical-livepatch status --verbose
> client-version: "5"
> machine-id: censored
> machine-token: censored
> architecture: x86_64
> cpu-model: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
> last-check: 2016-11-04T11:07:47.882167806Z
> boot-time: 2016-10-11T05:05:04+01:00
> uptime: 583h20m17s
>
> status:
>
> - kernel: 4.4.0-38.57-generic
>  running: true
>  livepatch:
>    state: applied
>    version: "13.3"
>    fixes: ""
>
> Maybe I should reboot into a newer kernel 38 -> 45. If you are running
> 45 kernel, I presume you wouldn't need any livepatches as everything
> is rolled into the latest kernel update.
>
> --
> Regards,
>
> Dimitri.
>
>
>



-- 
Regards,

Dimitri.

   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20161105/374f22de/attachment.html>

More information about the Ubuntu-devel-discuss mailing list