Technical information - security, APIs, architecture, etc., related to Livepatch.

Networking

Livepatch client requires Internet access in order to fetch kernel patches from the server.

• Network requirements

Compatibility

Livepatch determines which kernel patch may be applied based on your kernel version.

• Supported kernels
• How do I know if the patch is designed for my system?

Security and privacy

Livepatch sends specific data about your system in order to patch your kernel.

• Data sent
• Patch Security

Kernel patching

Livepatch inserts modules into a running kernel, this has inherent risks and the following can detail some of these risks and misunderstandings.

• Patch Installation

Hi, would it be possible to add a page here that lists the configuration keys that can be modified on the livepatch client? I am working on adding another key and would like to have a place to add a few notes.

Thanks!

Here’s a proposed page or set of pages based on the CLI help. This should probably be split into two pages: “How to configure the livepatch client” and “Config Reference”.

Configuration

The daemon can be configured using the CLI or its configuration file at /var/snap/canonical-livepatch/common/config.

CLI Configuration

Show the current configuration:

canonical-livepatch config

Change one or more settings:

canonical-livepatch config http-proxy="1.2.3.4" https-proxy="1.2.3.4"
canonical-livepatch config remote-server="https://example.livepatch.canonical.com"

Clear one or more settings:

canonical-livepatch config remote-server=

Change settings, reading a long, multi-line value from stdin:

canonical-livepatch config remote-server=https://2.3.4.5 ca-certs=@stdin < chain.pem

YAML Configuration

The daemon can also be configured by editing /var/snap/canonical-livepatch/common/config. The file is YAML-formatted. In order for changes to the file to take affect you must restart the daemon.

Configuration Keys