How to Install Kernel Updates On Ubuntu without Rebooting

If you are a system administrator in charge of maintaining critical systems in enterprise environments, we are sure you know two important things:

1) Finding a downtime window to install security patches in order to handle kernel or operating system vulnerabilities can be difficult. If the company or business you work for does not have security policies in place, operations management may end up favoring uptime over the need to solve vulnerabilities. Additionally, internal bureaucracy can cause delays in granting approvals for a downtime. Been there myself.

2) Sometimes you can’t really afford downtime and should be prepared to mitigate any potential exposures to malicious attacks some other way.

The good news is that Canonical has recently released its Livepatch service to apply critical kernel patches to Ubuntu 14.04 LTS, 16.04 LTS, 18.04 LTS, and Ubuntu 20.04 LTS without the need for a later reboot. Yes, you read that right: with Livepatch, you don’t need to restart your Ubuntu server in order for the security patches to take effect.

Signing Up Livepatch On Ubuntu Server

In order to use Canonical Livepatch Service, you need to sign up at https://auth.livepatch.canonical.com/ and indicate if you are a regular Ubuntu user or an Advantage subscriber (paid option). All Ubuntu users can link up to 3 different machines to Livepatch through the use of a token:

Canonical Livepatch Service
Canonical Livepatch Service

In the next step, you will be prompted to enter your Ubuntu One credentials or sign up for a new account. If you choose the latter, you will need to confirm your email address in order to finish your registration:

Ubuntu One Confirmation Mail
Ubuntu One Confirmation Mail

Once you click on the link above to confirm your email address, you’ll be ready to go back to https://auth.livepatch.canonical.com/ and get your Livepatch token.

Getting and Using your Livepatch Token

To begin, copy the unique token assigned to your Ubuntu One account:

Canonical Livepatch Token
Canonical Livepatch Token

Then go to a terminal and type:

$ sudo snap install canonical-livepatch
Install Canonical Livepatch in Ubuntu
Install Canonical Livepatch in Ubuntu

The above command will install the livepatch, whereas

$ sudo canonical-livepatch enable [YOUR TOKEN HERE]

it will enable it for your system. If this last command indicates it can’t find canonical-livepatch, make sure /snap/bin has been added to your path. A workaround consists of changing your working directory to /snap/bin and do.

$ sudo ./canonical-livepatch enable [YOUR TOKEN HERE]
Install Livepatch in Ubuntu
Install Livepatch in Ubuntu

Overtime, you’ll want to check the description and the status of patches applied to your kernel. Fortunately, this is as easy as doing.

$ sudo ./canonical-livepatch status --verbose

as you can see in the following image:

Check Livepatch Status in Ubuntu
Check Livepatch Status in Ubuntu

Having enabled Livepatch on your Ubuntu server, you will be able to reduce planned and unplanned downtimes at a minimum while keeping your system secure. Hopefully, Canonical’s initiative will award you a pat on the back by management – or better yet, a raise.

Feel free to let us know if you have any questions about this article. Just drop us a note using the comment form below and we will get back to you as soon as possible.

If you liked this article, then do subscribe to email alerts for Linux tutorials. If you have any questions or doubts? do ask for help in the comments section.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

Got something to say? Join the discussion.

Have a question or suggestion? Please leave a comment to start the discussion. Please keep in mind that all comments are moderated and your email address will NOT be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.