Livepatch – Apply Critical Security Patches to Ubuntu Linux Kernel Without Rebooting

If you are a system administrator in charge of maintaining critical systems in enterprise environments, we are sure you know two important things:

1) Finding a downtime window to install security patches in order to handle kernel or operating system vulnerabilities can be difficult. If the company or business you work for does not have security policies in place, operations management may end up favoring uptime over the need to solve vulnerabilities. Additionally, internal bureaucracy can cause delays in granting approvals for a downtime. Been there myself.

2) Sometimes you can’t really afford a downtime, and should be prepared to mitigate any potential exposures to malicious attacks some other way.

The good news is that Canonical has recently released (actually, a couple of days ago) its Livepatch service to apply critical kernel patches to Ubuntu 16.04 (64-bit edition / 4.4.x kernel) without the need for a later reboot. Yes, you read that right: with Livepatch, you don’t need to restart your Ubuntu 16.04 server in order for the security patches to take effect.

Signing up for Ubuntu Livepatch

In order to use Canonical Livepatch Service, you need to sign up at and indicate if you are a regular Ubuntu user or an Advantage subscriber (paid option). All Ubuntu users can link up to 3 different machines to Livepatch through the use of a token:

Canonical Livepatch Service

In the next step you will be prompted to enter your Ubuntu One credentials or sign up for a new account. If you choose the latter, you will need to confirm your email address in order to finish your registration:

Ubuntu One Confirmation Mail

Once you click on the link above to confirm your email address, you’ll be ready to go back to and get your Livepatch token.

Getting and Using your Livepatch Token

To begin, copy the unique token assigned to your Ubuntu One account:

Canonical Livepatch Token

Then go to a terminal and type:

$ sudo snap install canonical-livepatch

The above command installs the Livepatch client, whereas

$ sudo canonical-livepatch enable [YOUR TOKEN HERE]

will enable it for your system. If this last command indicates it can’t find canonical-livepatch, make sure /snap/bin has been added to your path. A workaround consists of changing your working directory to /snap/bin and running:

$ sudo ./canonical-livepatch enable [YOUR TOKEN HERE]

Install Livepatch in Ubuntu
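
The requirements stated above (Ubuntu 16.04, 64-bit, 4.4.x kernel, /snap/bin on the path) can be checked before you enable the service. The script below is an added example, not part of the original article or of Canonical's tooling; its function names and the file name livepatch-preflight.sh are hypothetical, and it assumes "64-bit" means x86_64.

```shell
#!/bin/sh
# Added example: preflight checks before `canonical-livepatch enable`.
# Requirements come from the article: Ubuntu 16.04, 64-bit, 4.4.x kernel,
# and /snap/bin on PATH. Treating "64-bit" as x86_64 is an assumption.

# path_has_dir DIR PATHVALUE: succeed only if DIR is an exact PATH component.
path_has_dir() {
    case ":$2:" in
        *":$1:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# livepatch_preflight RELEASE ARCH KERNEL PATHVALUE
# Prints one line per unmet requirement and returns the number of them.
livepatch_preflight() {
    release=$1; arch=$2; kernel=$3; pathvalue=$4
    failures=0
    if [ "$release" != "16.04" ]; then
        echo "unsupported release: $release (need 16.04)"
        failures=$((failures + 1))
    fi
    if [ "$arch" != "x86_64" ]; then
        echo "unsupported architecture: $arch (need 64-bit)"
        failures=$((failures + 1))
    fi
    case "$kernel" in
        4.4.*) ;;
        *) echo "unsupported kernel: $kernel (need 4.4.x)"
           failures=$((failures + 1)) ;;
    esac
    if ! path_has_dir /snap/bin "$pathvalue"; then
        echo "/snap/bin is not on PATH; canonical-livepatch will not be found"
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Check the live host only when asked, e.g.: sh livepatch-preflight.sh --host
if [ "${1:-}" = "--host" ]; then
    release_id=$(. /etc/os-release && printf '%s' "$VERSION_ID")
    livepatch_preflight "$release_id" "$(uname -m)" "$(uname -r)" "$PATH"
    exit $?
fi
```

Running it as sudo sh livepatch-preflight.sh --host checks the path as seen under sudo, which is the one the commands above depend on.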

Over time, you’ll want to check the description and the status of patches applied to your kernel. Fortunately, this is as easy as running:

$ sudo ./canonical-livepatch status --verbose

as you can see in the following image:

Check Livepatch Status in Ubuntu

Having enabled Livepatch on your Ubuntu server, you will be able to reduce planned and unplanned downtime to a minimum while keeping your system secure. Hopefully Canonical’s initiative will earn you a pat on the back from management – or better yet, a raise.

Feel free to let us know if you have any questions about this article. Just drop us a note using the comment form below and we will get back to you as soon as possible.

Gabriel Cánepa

Gabriel Cánepa is a GNU/Linux sysadmin and web developer from Villa Mercedes, San Luis, Argentina. He works for a worldwide leading consumer product company and takes great pleasure in using FOSS tools to increase productivity in all areas of his daily work.
