Ksplice is an open source extension of the Linux kernel which allows system administrators to apply security patches to a running kernel without having to reboot the operating system.
First, you need the kernel source tree for the kernel you are currently running, and some files from the previous kernel build:
If you don't have
System.map from the previous build, you can copy
/proc/kallsyms as an equivalent. If the
kernel.kptr_restrict kernel parameter is enabled, remember to copy it as root.
This example makes use of the
--diffext option which creates a patch based on the differences between the old and the new source files.
ksplice directory in the kernel source tree, copy
System.map over from the previous build, and copy
.config into the tree if it is not already in the source tree:
# mkdir -p src/ksplice # cp System.map src/ksplice # cp .config src/
Create a ksplice patch and wait for the kernel to rebuild.
All files that end with
new will be compiled into the ksplice patch. C source files, for example, should end in
.cnew as the diffext is appended directly.
# ksplice-create --diffext=new src/
Apply the newly generated patch to the running kernel:
# ksplice-apply ksplice-*.tar.gz
See man pages for