Flexible Distributed Linux Kernel Live Patching
- 3rd-party trust.
  - Trust in a third-party service can be eliminated by deploying Elivepatch in-house.
- Custom kernel configurations.
  - Live patches can be created for different kernel versions and configurations by varying the parameters to Elivepatch.
- Modified kernels.
  - Support is extended to locally modified kernels (e.g. out-of-tree patch sets) by sending the server a list of patches that should be applied before the live patch creation process starts.
- Client-generated patches.
  - In Elivepatch, clients specify the live patches to be created, whereas current systems only support vendor-generated patches.
- Security auditing.
  - Elivepatch is completely open source and thus fully auditable.
$ git clone https://github.com/gentoo/elivepatch-client
$ cd elivepatch-client/
$ virtualenv .venv
$ source .venv/bin/activate
$ python setup.py install
$ elivepatch-client -p example/2.patch -k example/config_5.1.6 -a 5.1.6 --url http://localhost:5000
Not all patches can be converted to live patches using kpatch.
- Patches that change data structures
- Change content of existing variable
- Add field to existing data structure
- Init code changes are incompatible with kpatch
- Header file changes
- Dealing with unexpected changed functions
- Removing references to static local variables
- Code removal
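A pre-submission check for the limitations listed above, as an added example (not part of elivepatch or kpatch): it scans a unified diff for those patterns before the patch is sent to the server. The function name `kpatch_preflight`, the matching rules and the sample patch are assumptions of this example; the kpatch build on the server remains the authority on whether a patch converts.

```python
import re

def kpatch_preflight(diff_text):
    """Flag changes in a unified diff that kpatch typically cannot convert.
    The rules are heuristics assumed for this example, not kpatch's own checks."""
    warnings = set()
    path, ctx, added, removed = None, "", 0, 0
    def close_hunk():
        if path and removed and not added:  # hunk only deletes lines
            warnings.add((path, "code removal only"))
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            close_hunk()
            path = re.sub(r"^[ab]/", "", line[4:].split("\t")[0])
            added = removed = 0
        elif line.startswith("--- "):
            continue
        elif line.startswith("@@"):
            close_hunk()
            added = removed = 0
            ctx = line.split("@@", 2)[-1].strip()  # enclosing function/struct
        elif path and line[:1] in ("+", "-"):
            sign, text = line[0], line[1:]
            added += sign == "+"
            removed += sign == "-"
            if path.endswith(".h"):
                warnings.add((path, "header file change"))
            if "__init" in ctx or "__init" in text:
                warnings.add((path, "init code change"))
            if re.match(r"\s+static\b", text):
                warnings.add((path, "static local variable touched"))
            if sign == "+" and ctx.startswith("struct ") and re.match(r"\s+[\w\s*]+;\s*$", text):
                warnings.add((path, "field added to data structure"))
    close_hunk()
    return sorted(warnings)

# Constructed sample patch in `diff -U0` style (not from the elivepatch repository).
SAMPLE = """\
--- a/include/linux/foo.h
+++ b/include/linux/foo.h
@@ -11,0 +12 @@ struct foo {
+    int new_flag;
--- a/drivers/foo/foo.c
+++ b/drivers/foo/foo.c
@@ -41 +40,0 @@ static int foo_read(struct foo *f)
-    static int warned;
@@ -90,0 +90 @@ static int __init foo_init(void)
+    foo_setup();
"""
```

An empty result only means none of these heuristics fired; a flagged patch usually needs to be reworked by hand before it is submitted.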
- elivepatch-client
  - Client to be run on the machine where we want to install the live patch.
- elivepatch-server
  - RESTful API to be run on the server using kpatch for building the live patch.
- elivepatch-overlay
  - Where to keep your livepatch patches.
- elivepatch-docker
  - Simplifying elivepatch-server start.
Fork this repo and make a pull request. We are happy to merge it.
Commit messages should look like:
[category/packagename] short description
Long description
This makes reading history easier. GPG signing your changes is a good idea.
If you have push access to this repo, it is still a good idea to create a pull request, so that at least one more person has reviewed your code. Exceptions are trivial changes and urgent changes (that fix something completely broken).
- Join #gentoo-kernel channel on Freenode
- Open issues here