Elivepatch: Flexible Distributed Linux Kernel Live Patching
Elivepatch addresses the limitations and shortcomings of the current distributed live patching services as follows: 3rd-party trust: Trust on a third-party service can be eliminated by deploying E …
|Talk Title||Elivepatch: Flexible Distributed Linux Kernel Live Patching|
|Speakers||Alice Ferrazzi (OSS開発者, サイバートラスト株式会社)|
|Conference||Automotive Linux Summit & Open Source Summit Japan|
|Date||Jun 19-22, 2018|
“Elivepatch” addresses the limitations and shortcomings of the current distributed live patching services as follows: • 3rd-party trust: Trust on a third-party service can be eliminated by deploying Elivepatch in-house. • Custom kernel configurations: Live patches can be created for different kernel versions and configurations by varying the parameters to Elivepatch. • Modified kernels: Support is extended to locally modified kernels (e.g. out-of-tree patch sets) by sending the server a list of patches that should be applied before the live patch creation process starts. • Client-generated patches: In Elivepatch, clients specify the live patches to be created whereas current systems only support vendor-generated patches. • Security auditing: Elivepatch is completely open source and thus fully auditable.