Livepatch Documentation

Canonical Livepatch patches high and critical Linux kernel vulnerabilities, removing the immediate need to reboot to upgrade the kernel, and instead allowing the downtime to be scheduled. It is a part of the Ubuntu Pro offering.

The Ubuntu Livepatch offering consists of the client application, the Livepatch service hosted by Canonical and an optional on-prem server. The client runs on machines, periodically checks for available patches, downloads, verifies and installs them.

Canonical Livepatch is meant for critical infrastructure, where unscheduled downtime is to be avoided. By applying live kernel patches for high and critical kernel vulnerabilities, upgrades can be scheduled at a suitable time.

If you’re using Ubuntu Pro, then you’ll have access to two additional Livepatch features.

  1. Delayed updates for your Livepatch clients, providing further security and protection.
  2. Access to the on-prem server.

Livepatch Client

Livepatch is the client side software that runs on individual machines and periodically checks for the availability of kernel patches. Once a patch becomes available, it is downloaded, verified and applied to the current kernel.

Livepatch On-prem

Complex enterprise environments often follow policies that require a gradual roll-out of updates to reduce risk, or have high-security isolated environments that need to be updated. Livepatch on-prem allows an organization to define a rollout policy and remain in full control of which machines will get updated and when. To keep your machines up-to-date, the on-premises service regularly syncs with Livepatch hosted by Canonical and obtains the latest patches. It then deploys the patches gradually in as many stages as required.

Navigation

Navigation
Level Path Navlink
1 new_docs Livepatch documentation
1 livepatch Client
2 livepatch/how-to How-to guides
3 livepatch/how-to/enable Enable client
3 livepatch/how-to/disable Disable client
3 livepatch/how-to/status Check client status
3 livepatch/how-to/proxy Configure proxy
3 livepatch/how-to/cloud-enabled Configure Cloud-Enabled Livepatch
3 livepatch/how-to/patch-cut-off Use patch cut-off date
2 livepatch/reference Reference
3 livepatch/reference/firewall Network requirements
3 livepatch/reference/data Data sent
3 livepatch/reference/kernels Supported kernels
3 livepatch/reference/patch_security Patch Security
3 livepatch/reference/patch_installation Patch Installation
2 livepatch/explanation Explanation
3 livepatch/explanation/howitworks How Livepatching works?
3 livepatch/explanation/notices Livepatch security notices
3 livepatch/explanation/updates_provided What kind of updates are provided by Livepatch?
3 livepatch/explanation/updates_not_provided What kind of updates are not provided by Livepatch?
3 livepatch/explanation/expected_schedule When should I expect new updates?
3 livepatch/explanation/reboot_requirement Do I need to reboot?
3 livepatch/explanation/cve_rating How CVEs are rated?
3 livepatch/explanation/not_patchable_problem What happens when a problem cannot be patched?
3 livepatch/explanation/missing_patches Why are there missing patches?
3 livepatch/explanation/service_access_problem Service access problem
3 livepatch/explanation/client_not_working Why Livepatch is not working on my machine?
3 livepatch/explanation/what_are_livepatch_tiers What are Livepatch tiers?
3 livepatch/explanation/what-is-cloud-enabled What is Cloud-Enabled Livepatch?
3 livepatch/explanation/what-is-patch-cut-off What is patch cut-off date?
3 livepatch/explanation/which-are-the-supported-architectures Which are the supported architectures?
3 livepatch/explanation/reporting_bugs Report bugs
3 livepatch/explanation/more_help Get more help
1 livepatch_on_prem On-prem server
2 livepatch_on_prem/tutorial Tutorial
3 livepatch_on_prem/tutorial/Getting started with Livepatch and LXD Livepatch and LXD
3 livepatch_on_prem/tutorial/Getting started with Livepatch and MicroK8s Livepatch and Microk8s
3 livepatch_on_prem/tutorial/Getting started with air-gapped Livepatch and Microk8s Air-gapped Livepatch and MicroK8s
3 livepatch_on_prem/tutorial/Getting started with air-gapped Livepatch and Snap Air-gapped Livepatch and Snap
2 livepatch_on_prem/how-to How-to guides
3 livepatch_on_prem/how-to/deployment Deploy via Juju
3 livepatch_on_prem/how-to/deployment-snap Deploy via Snap
3 livepatch_on_prem/how-to/use_livepatch_client Use Livepatch client with on-prem server
3 livepatch_on_prem/how-to/administration_tool Setup administration tool
3 livepatch_on_prem/how-to/fetching_patches Fetch patches
3 livepatch_on_prem/how-to/configure_proxy Configure proxy for fetching patches
3 livepatch_on_prem/how-to/fleet_management Manage fleet of machines
3 livepatch_on_prem/how-to/patch_health Generate patch health report
3 livepatch_on_prem/how-to/upgrading Upgrade a deployment
3 livepatch_on_prem/how-to/scaling Scale out
3 livepatch_on_prem/how-to/security-hardening Security Hardening
3 livepatch_on_prem/how-to/tls Setup TLS
3 livepatch_on_prem/how-to/use_downloader_tool Use the Patch Downloader Tool
3 livepatch_on_prem/how-to/chain-servers Chain Livepatch Servers
2 livepatch_on_prem/reference Reference
3 livepatch_on_prem/reference/security Security Overview
3 livepatch_on_prem/reference/configuration Configuration
3 livepatch_on_prem/reference/charm_migration Charm Migration
3 livepatch_on_prem/reference/resource_requirements Resource requirements
3 livepatch_on_prem/reference/firewall Network access
3 livepatch_on_prem/reference/patch_management Patch management
2 livepatch_on_prem/explanation Explanation
3 livepatch_on_prem/explanation/storage/configure Patch storage
4 livepatch_on_prem/explanation/storage/s3 Use S3 for patch storage
3 livepatch_on_prem/explanation/data Data sent
3 livepatch_on_prem/explanation/access_control Access Control
3 livepatch_on_prem/explanation/logging_and_monitoring Logging and monitoring
3 livepatch_on_prem/explanation/network_security Network Security
3 livepatch_on_prem/explanation/machine_reports Machine reports
3 livepatch_on_prem/explanation/patch_sync_filters Patch sync filters

Redirects

Mapping table
Path Location
/security/livepatch/docs/howitworks /security/livepatch/docs/livepatch/explanation/howitworks
/security/livepatch/docs/kernels /security/livepatch/docs/livepatch/reference/kernels
/security/livepatch/docs/on_prem /security/livepatch/docs/livepatch_on_prem
/security/livepatch/docs/support /security/livepatch/docs/new_docs
/security/livepatch/docs/notices /security/livepatch/docs/livepatch/explanation/notices
/security/livepatch/docs/faq /security/livepatch/docs/livepatch/explanation
/security/livepatch/docs/client /security/livepatch/docs/livepatch
/security/livepatch/docs/how-to/enable /security/livepatch/docs/livepatch/how-to/enable
/security/livepatch/docs/client/disabling /security/livepatch/docs/livepatch/how-to/disable
/security/livepatch/docs/client/status /security/livepatch/docs/livepatch/how-to/status
/security/livepatch/docs/client/firewall /security/livepatch/docs/livepatch/reference/firewall
/security/livepatch/docs/client/data /security/livepatch/docs/livepatch/reference/data
/security/livepatch/docs/on_prem/deployment /security/livepatch/docs/livepatch_on_prem/how-to/deployment
/security/livepatch/docs/on_prem/resource_requirements /security/livepatch/docs/livepatch_on_prem/reference/resource_requirements
/security/livepatch/docs/on_prem/how_to/configure_patch_storage /security/livepatch/docs/livepatch_on_prem/how-to/storage/configure
/security/livepatch/docs/on_prem/patch_storage/s3 /security/livepatch/docs/livepatch_on_prem/how-to/storage/s3
/security/livepatch/docs/on_prem/how_to/use_livepatch_client /security/livepatch/docs/
/security/livepatch/docs/on_prem/administration_tool /security/livepatch/docs/livepatch_on_prem/how-to/use_livepatch_client
/security/livepatch/docs/on_prem/firewall /security/livepatch/docs/livepatch_on_prem/reference/firewall
/security/livepatch/docs/on_prem/fetching_patches /security/livepatch/docs/livepatch_on_prem/how-to/fetching_patches
/security/livepatch/docs/on_prem/patch_management /security/livepatch/docs/livepatch_on_prem/reference/patch_management
/security/livepatch/docs/on_prem/fleet_management /security/livepatch/docs/livepatch_on_prem/how-to/fleet_management
/security/livepatch/docs/on_prem/patch_health /security/livepatch/docs/livepatch_on_prem/how-to/patch_health
/security/livepatch/docs/on_prem/upgrading /security/livepatch/docs/livepatch_on_prem/how-to/upgrading
/security/livepatch/docs/on_prem/scaling /security/livepatch/docs/livepatch_on_prem/how-to/scaling
/security/livepatch/docs/on_prem/tls /security/livepatch/docs/livepatch_on_prem/how-to/tls
/security/livepatch/docs/on_prem/data /security/livepatch/docs/livepatch_on_prem/explanation/data
2 Likes