Technical information - security, APIs, architecture, etc., related to Livepatch.
Networking
Livepatch client requires Internet access in order to fetch kernel patches from the server.
Compatibility
Livepatch determines which kernel patch may be applied based on your kernel version.
Security and privacy
Livepatch sends specific data about your system in order to patch your kernel.
Kernel patching
Livepatch inserts modules into a running kernel, this has inherent risks and the following can detail some of these risks and misunderstandings.
Hi, would it be possible to add a page here that lists the configuration keys that can be modified on the livepatch client? I am working on adding another key and would like to have a place to add a few notes.
Thanks!
Here’s a proposed page or set of pages based on the CLI help. This should probably be split into two pages: “How to configure the livepatch client” and “Config Reference”.
Configuration
The daemon can be configured using the CLI or its configuration file at /var/snap/canonical-livepatch/common/config
.
CLI Configuration
Show the current configuration:
canonical-livepatch config
Change one or more settings:
canonical-livepatch config http-proxy="1.2.3.4" https-proxy="1.2.3.4"
canonical-livepatch config remote-server="https://example.livepatch.canonical.com"
Clear one or more settings:
canonical-livepatch config remote-server=
Change settings, reading a long, multi-line value from stdin:
canonical-livepatch config remote-server=https://2.3.4.5 ca-certs=@stdin < chain.pem
YAML Configuration
The daemon can also be configured by editing /var/snap/canonical-livepatch/common/config
. The file is YAML-formatted. In order for changes to the file to take affect you must restart the daemon.
Configuration Keys
Key |
Data Type |
Description |
Default Value |
http-proxy |
string |
Value passed as HTTP_PROXY (overrides /etc/environment ) |
Empty |
https-proxy |
string |
Value passed as HTTPS_PROXY (overrides /etc/environment ) |
Empty |
no-proxy |
string |
Value passed as NO_PROXY (overrides /etc/environment ) |
Empty |
remote-server |
string |
Livepatch server URL |
https://livepatch.canonical.com |
ca-certs |
string |
Custom CA root certificate(s) |
Empty |
dial-timeout |
string |
Timeout for opening TCP connections; allowed units are s , m , h |
12s |
check-interval |
integer |
Minutes between checks for new patches. Minimum 60 . Use 0 to disable auto refresh. |
60 |
log-level |
string |
One of debug , info , notice , warning , error |
warning |
cutoff-date |
string |
RFC3339 date in the past after which new patched will not be installed. Only available to paid Ubuntu Pro users |
Empty |
patch-delay |
string |
Duration before a newly released patch is received by the client; allowed units are s , m , h , d , w . Only available to paid Ubuntu Pro users |
0 |