Reboot

Livepatch: Linux kernel updates without rebooting

Livepatch is a feature for live kernel patching on Linux systems. It allows applying security updates without rebooting the system. Learn how it works!

Summary

If you run a Linux server, software patching is a task that will have to be performed on a regular basis. Although most programs can be auto-restarted with a tool like needrestart, there is one exception: the kernel.

Wouldn’t it be nice if we could update the kernel without the mandatory reboot? Here is livepatch, the feature of the Linux kernel that makes it possible. Let’s discover how it works and whether you can use it on your system.

How to check if your Arch Linux system needs a reboot

Want to check if a reboot of the system is needed on Arch Linux? Here is how that can be done, including the relevant commands.

Summary

By default Arch will install the kernel in /boot with the name vmlinuz-linux. To determine if the system is running the latest kernel, we can compare the running kernel and the one on disk.

Running kernel

One way to determine the running kernel is with the uname command. It is installed by default and, with the -r parameter, provides the kernel release version.

# uname -r  
3.17.4-1-ARCH

Kernel on disk

Checking the latest kernel on disk is almost as easy. In this case we have to analyze the /boot/vmlinuz-linux file, which is the default file name for the Linux kernel on Arch Linux.

Check for a required reboot on Debian and Ubuntu systems

Debian-based systems, like Ubuntu, sometimes need a reboot as well. We look at how to determine whether a reboot is required and which packages caused it.

Summary

Administrators of Debian-based systems know they have to reboot their systems, just like any other Linux distribution. However, why is the reboot needed? Could we monitor which systems actually need a reboot?

Required restart required?

This Ubuntu system needs a restart

Required reboot

Software can contain issues, which we call bugs. Most bugs are just annoying if you encounter them and can be fixed by upgrading to a newer version of the software. Other bugs are special in that they may leak sensitive data or allow unauthorized access to the software or system. These types of bugs are called vulnerabilities.