Documentation on how to configure live kernel patching. #1559
Comments
|
@dcasota That does outline how to set it up, but is live patching going to become part of the built-in patching? Will the patches be distributed through some means within the OS (which that go through the kpatch scripts), or will that be a manual process? Thanks! |
|
@novaksam I don’t know. In VCF, Broadcom has various software delivery methods for virtual machines’ virtual hardware and guest os inside. It just works. For the open-source Photon OS version the Photon OS team publishes security packages quite fast. Simply update your os using tdnf and tdnf-automatic. Intelligent Patching is interesting for products with Photon OS as sub component, 100%. Actually, I think the non-classic way is Broadcom AI land. |
|
@novaksam Apologies for the lack of documentation. At the moment, we are just providing some tools for users to generate/manage their own livepatches; it will be a manual process for now. Patches are already available in github when fixes are merged, e.g 8ead6b4, but you'll have to generate and load the livepatch module(s) yourself. |
|
It's all good, was hoping it would be a native part of the product, but it appears to not be at that point currently. |
Is your feature request related to a problem? Please describe.
According to the Photon 5 release notes, one of the big highlights was live kernel patching, but I'm unable to find any documentation whatsoever about how this operates or how to configure it. I found references to kpatch, but no documentation on how to configure.
Describe the solution you'd like
Documentation on how to configure this live patching, unless it is already baked in to tdnf.
Describe alternatives you've considered
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: