Elivepatch: Flexible Distributed Linux Kernel Live Patching
Talk Title | Elivepatch: Flexible Distributed Linux Kernel Live Patching |
Speakers | Alice Ferrazzi (OSS Embedded Developer, Cybertrust Japan), Takanori Suzuki (Linux OSS developer, Cybertrust Japan Co., Ltd.) |
Conference | Open Source Summit + ELC Europe |
Location | Edinburgh, UK |
Date | Oct 21-25, 2018 |
“Elivepatch” addresses the limitations and shortcomings of the current distributed live patching services as follows:

• 3rd-party trust: Trust in a third-party service can be eliminated by deploying Elivepatch in-house.
• Custom kernel configurations: Live patches can be created for different kernel versions and configurations by varying the parameters to Elivepatch.
• Modified kernels: Support is extended to locally modified kernels (e.g. out-of-tree patch sets) by sending the server a list of patches that should be applied before the live patch creation process starts.
• Client-generated patches: In Elivepatch, clients specify the live patches to be created, whereas current systems only support vendor-generated patches.
• Security auditing: Elivepatch is completely open source and thus fully auditable.

We will also talk about future ideas:

• Porting to different distributions
• Livepatch CI/CD testing