Canonical Livepatch patches high and critical Linux kernel vulnerabilities, removing the immediate need to reboot to upgrade the kernel, and instead allowing the downtime to be scheduled. It is a part of the Ubuntu Pro offering.
The Ubuntu Livepatch offering consists of the client application, the Livepatch service hosted by Canonical and an optional on-prem server. The client runs on machines, periodically checks for available patches, downloads, verifies and installs them.
Canonical Livepatch is meant for critical infrastructure, where unscheduled downtime is to be avoided. By applying live kernel patches for high and critical kernel vulnerabilities, upgrades can be scheduled at a suitable time.
If you’re using Ubuntu Pro, then you’ll have access to two additional Livepatch features.
- Delayed updates for your Livepatch clients, providing further security and protection.
- Access to the on-prem server.
Livepatch Client
Livepatch is the client side software that runs on individual machines and periodically checks for the availability of kernel patches. Once a patch becomes available, it is downloaded, verified and applied to the current kernel.
Livepatch On-prem
Complex enterprise environments often follow policies that require a gradual roll-out of updates to reduce risk, or have high-security isolated environments that need to be updated. Livepatch on-prem allows an organization to define a rollout policy and remain in full control of which machines will get updated and when. To keep your machines up-to-date, the on-premises service regularly syncs with Livepatch hosted by Canonical and obtains the latest patches. It then deploys the patches gradually in as many stages as required.
Navigation
Navigation
| Level | Path | Navlink |
|---|---|---|
| 1 | new_docs | Livepatch documentation |
| 1 | livepatch | Client |
| 2 | livepatch/how-to | How-to guides |
| 3 | livepatch/how-to/enable | Enable client |
| 3 | livepatch/how-to/disable | Disable client |
| 3 | livepatch/how-to/status | Check client status |
| 3 | livepatch/how-to/proxy | Configure proxy |
| 3 | livepatch/how-to/patch-cut-off | Use patch cut-off date |
| 3 | livepatch/how-to/configure-client | Configure Livepatch client |
| 3 | livepatch/how-to/disable-livepatch-during-startup | Disable Livepatch during startup |
| 3 | livepatch/how-to/enable-and-configure-the-livepatch-client-with-cloud-init | Enable and Configure The Livepatch Client With Cloud-Init |
| 2 | livepatch/reference | Reference |
| 3 | livepatch/reference/firewall | Network requirements |
| 3 | livepatch/reference/data | Data sent |
| 3 | livepatch/reference/kernels | Supported kernels |
| 3 | livepatch/reference/patch_lifecycle | Patch Lifecycle |
| 3 | livepatch/reference/patch_security | Patch Security |
| 3 | livepatch/reference/patch_installation | Patch Installation |
| 3 | livepatch/reference/content_caching | Content Caching |
| 3 | livepatch/reference/config-options | Configuration Options |
| 2 | livepatch/explanation | Explanation |
| 3 | livepatch/explanation/howitworks | How Livepatching works? |
| 3 | livepatch/explanation/notices | Livepatch security notices |
| 3 | livepatch/explanation/security_overview | Security Overview |
| 3 | livepatch/explanation/updates_provided | What kind of updates are provided by Livepatch? |
| 3 | livepatch/explanation/updates_not_provided | What kind of updates are not provided by Livepatch? |
| 3 | livepatch/explanation/expected_schedule | When should I expect new updates? |
| 3 | livepatch/explanation/reboot_requirement | Do I need to reboot? |
| 3 | livepatch/explanation/cve_rating | How CVEs are rated? |
| 3 | livepatch/explanation/not_patchable_problem | What happens when a problem cannot be patched? |
| 3 | livepatch/explanation/missing_patches | Why are there missing patches? |
| 3 | livepatch/explanation/service_access_problem | Service access problem |
| 3 | livepatch/explanation/client_not_working | Why Livepatch is not working on my machine? |
| 3 | livepatch/explanation/what_are_livepatch_tiers | What are Livepatch tiers? |
| 3 | livepatch/explanation/what-is-patch-cut-off | What is patch cut-off date? |
| 3 | livepatch/explanation/which-are-the-supported-architectures | Which are the supported architectures? |
| 3 | livepatch/explanation/reporting_bugs | Report bugs |
| 3 | livepatch/explanation/more_help | Get more help |
| 1 | livepatch_on_prem | On-prem server |
| 2 | livepatch_on_prem/tutorial | Tutorial |
| 3 | livepatch_on_prem/tutorial/Getting started with Livepatch and LXD | Livepatch and LXD |
| 3 | livepatch_on_prem/tutorial/Getting started with Livepatch and MicroK8s | Livepatch and Microk8s |
| 3 | livepatch_on_prem/tutorial/Getting started with air-gapped Livepatch and Microk8s | Air-gapped Livepatch and MicroK8s |
| 3 | livepatch_on_prem/tutorial/Getting started with air-gapped Livepatch and Snap | Air-gapped Livepatch and Snap |
| 2 | livepatch_on_prem/how-to | How-to guides |
| 3 | livepatch_on_prem/how-to/deployment | Deploy via Juju |
| 3 | livepatch_on_prem/how-to/deployment-snap | Deploy via Snap |
| 3 | livepatch_on_prem/how-to/cve-deployment-snap | Deploy CVE Service via Snap |
| 3 | livepatch_on_prem/how-to/use_livepatch_client | Use Livepatch client with on-prem server |
| 3 | livepatch_on_prem/how-to/administration_tool | Setup administration tool |
| 3 | livepatch_on_prem/how-to/fetching_patches | Fetch patches |
| 3 | livepatch_on_prem/how-to/configure_proxy | Configure proxy for fetching patches |
| 3 | livepatch_on_prem/how-to/fleet_management | Manage fleet of machines |
| 3 | livepatch_on_prem/how-to/patch_health | Generate patch health report |
| 3 | livepatch_on_prem/how-to/upgrading | Upgrade a deployment |
| 3 | livepatch_on_prem/how-to/scaling | Scale out |
| 3 | livepatch_on_prem/how-to/security-hardening | Security Hardening |
| 3 | livepatch_on_prem/how-to/tls | Setup TLS |
| 3 | livepatch_on_prem/how-to/use_downloader_tool | Use the Patch Downloader Tool |
| 3 | livepatch_on_prem/how-to/chain-servers | Chain Livepatch Servers |
| 3 | livepatch_on_prem/how-to/migrate-from-charm-to-snap | Migrate from Reactive charm to snap |
| 3 | livepatch_on_prem/how-to/migrate-from-reactive-to-operator-charm | Migrate from Reactive charm to Operator charm |
| 2 | livepatch_on_prem/reference | Reference |
| 3 | livepatch_on_prem/reference/security | Security Overview |
| 3 | livepatch_on_prem/reference/configuration | Configuration |
| 3 | livepatch_on_prem/reference/resource_requirements | Resource requirements |
| 3 | livepatch_on_prem/reference/firewall | Network access |
| 3 | livepatch_on_prem/reference/patch_management | Patch management |
| 3 | livepatch_on_prem/reference/release_notes_k8s_charm | Release Notes |
| 2 | livepatch_on_prem/explanation | Explanation |
| 3 | livepatch_on_prem/explanation/storage/configure | Patch storage |
| 4 | livepatch_on_prem/explanation/storage/s3 | Use S3 for patch storage |
| 3 | livepatch_on_prem/explanation/data | Data sent |
| 3 | livepatch_on_prem/explanation/access_control | Access Control |
| 3 | livepatch_on_prem/explanation/logging_and_monitoring | Logging and monitoring |
| 3 | livepatch_on_prem/explanation/network_security | Network Security |
| 3 | livepatch_on_prem/explanation/machine_reports | Machine reports |
| 3 | livepatch_on_prem/explanation/patch_sync_filters | Patch sync filters |
| 3 | livepatch_on_prem/explanation/security_overview | Security Overview |
| 1 | livepatch_server_on_public_clouds | Livepatch Server On Public Clouds |
| 2 | livepatch_server_on_public_clouds/how-to | How-to guides |
| 3 | livepatch_server_on_public_clouds/how-to/deploying_the_livepatch_server_snap_on_public_clouds | Deploying The Livepatch Server Snap on Public Clouds |
Redirects
Mapping table
| Path | Location |
|---|---|
| /security/livepatch/docs/howitworks | /security/livepatch/docs/livepatch/explanation/howitworks |
| /security/livepatch/docs/kernels | /security/livepatch/docs/livepatch/reference/kernels |
| /security/livepatch/docs/on_prem | /security/livepatch/docs/livepatch_on_prem |
| /security/livepatch/docs/support | /security/livepatch/docs/new_docs |
| /security/livepatch/docs/notices | /security/livepatch/docs/livepatch/explanation/notices |
| /security/livepatch/docs/faq | /security/livepatch/docs/livepatch/explanation |
| /security/livepatch/docs/client | /security/livepatch/docs/livepatch |
| /security/livepatch/docs/how-to/enable | /security/livepatch/docs/livepatch/how-to/enable |
| /security/livepatch/docs/client/disabling | /security/livepatch/docs/livepatch/how-to/disable |
| /security/livepatch/docs/client/status | /security/livepatch/docs/livepatch/how-to/status |
| /security/livepatch/docs/client/firewall | /security/livepatch/docs/livepatch/reference/firewall |
| /security/livepatch/docs/client/data | /security/livepatch/docs/livepatch/reference/data |
| /security/livepatch/docs/on_prem/deployment | /security/livepatch/docs/livepatch_on_prem/how-to/deployment |
| /security/livepatch/docs/on_prem/resource_requirements | /security/livepatch/docs/livepatch_on_prem/reference/resource_requirements |
| /security/livepatch/docs/on_prem/how_to/configure_patch_storage | /security/livepatch/docs/livepatch_on_prem/how-to/storage/configure |
| /security/livepatch/docs/on_prem/patch_storage/s3 | /security/livepatch/docs/livepatch_on_prem/how-to/storage/s3 |
| /security/livepatch/docs/on_prem/how_to/use_livepatch_client | /security/livepatch/docs/ |
| /security/livepatch/docs/on_prem/administration_tool | /security/livepatch/docs/livepatch_on_prem/how-to/use_livepatch_client |
| /security/livepatch/docs/on_prem/firewall | /security/livepatch/docs/livepatch_on_prem/reference/firewall |
| /security/livepatch/docs/on_prem/fetching_patches | /security/livepatch/docs/livepatch_on_prem/how-to/fetching_patches |
| /security/livepatch/docs/on_prem/patch_management | /security/livepatch/docs/livepatch_on_prem/reference/patch_management |
| /security/livepatch/docs/on_prem/fleet_management | /security/livepatch/docs/livepatch_on_prem/how-to/fleet_management |
| /security/livepatch/docs/on_prem/patch_health | /security/livepatch/docs/livepatch_on_prem/how-to/patch_health |
| /security/livepatch/docs/on_prem/upgrading | /security/livepatch/docs/livepatch_on_prem/how-to/upgrading |
| /security/livepatch/docs/on_prem/scaling | /security/livepatch/docs/livepatch_on_prem/how-to/scaling |
| /security/livepatch/docs/on_prem/tls | /security/livepatch/docs/livepatch_on_prem/how-to/tls |
| /security/livepatch/docs/on_prem/data | /security/livepatch/docs/livepatch_on_prem/explanation/data |
| /security/livepatch/docs/livepatch_on_prem/reference/charm_migration | /security/livepatch/docs/livepatch_on_prem/how-to/migrate-from-reactive-to-operator-charm |