Difference between revisions of "Ksplice"

From ArchWiki
Jump to: navigation, search
(Created page with "Ksplice is an open source extension of the Linux kernel which allows system administrators to apply security patches to a running kernel without having to reboot the operating...")
 
(Update Ksplice information for new maintained git package, simplify usage instructions, sort links and add Ksplice upstream github page)
(8 intermediate revisions by 3 users not shown)
Line 1: Line 1:
Ksplice is an open source extension of the Linux kernel which allows system administrators to apply security patches to a running kernel without having to reboot the operating system.  
+
[[Category:Kernel]]
 +
[[Category:Security]]
 +
Ksplice is an open source extension of the Linux kernel which allows system administrators to apply security patches to a running kernel without having to reboot the operating system.
  
= Installation =
+
== Installation ==
Using the aur-packetwrapper [[yaourt]], it's fairly easy to install ksplice:
+
Install the {{AUR|ksplice-git}} package from the [[Arch User Repository]].
{{bc|# yaourt -S ksplice}}
+
  
= Configuration =
+
== Usage ==
 +
First, you need the kernel source tree for the kernel you are currently running, and some files from the previous kernel build: {{ic|System.map}} and {{ic|.config}}.
  
= Usage =
+
This example makes use of the {{ic|--diffext}} option which creates a patch based on the differences between the old and the new source files.
  
= See also =
+
Make a {{ic|ksplice}} directory in the kernel source tree, copy {{ic|System.map}} over from the previous build, and copy {{ic|.config}} into the tree if it is not already in the source tree:
*[http://www.ksplice.com/ Offical website of Ksplice]
+
 
 +
# mkdir -p src/ksplice
 +
# cp System.map src/ksplice
 +
# cp .config src/
 +
 
 +
Create a ksplice patch and wait for the kernel to rebuild.
 +
All files that end with {{ic|new}} will be compiled into the ksplice patch. C source files, for example, should end in {{ic|.cnew}} as the diffext is appended directly.
 +
 
 +
# ksplice-create --diffext=new src/
 +
 
 +
Apply the newly generated patch to the running kernel:
 +
 
 +
# ksplice-apply ksplice-*.tar.gz
 +
See man pages for {{ic|ksplice-apply}}, {{ic|ksplice-create}}, {{ic|ksplice-view}}, and {{ic|ksplice-undo}}.
 +
== See also ==
 +
*[https://github.com/jirislaby/ksplice Ksplice GitHub]
 
*[https://en.wikipedia.org/wiki/Ksplice Ksplice on Wikipedia]
 
*[https://en.wikipedia.org/wiki/Ksplice Ksplice on Wikipedia]
[[Category:Kernel (English)]]
+
*[http://www.ksplice.com/ Offical website of Ksplice Uptrack] (proprietary, owned by Oracle)
[[Category:Security (English)]]
+
*[http://cormander.com/2011/08/how-to-use-the-ksplice-raw-utilities/ How to use the Ksplice raw utilities]
 +
[[Category:Kernel]]
 +
[[Category:Security]]

Revision as of 18:24, 11 November 2013

Ksplice is an open source extension of the Linux kernel which allows system administrators to apply security patches to a running kernel without having to reboot the operating system.

Installation

Install the ksplice-gitAUR package from the Arch User Repository.

Usage

First, you need the kernel source tree for the kernel you are currently running, and some files from the previous kernel build: System.map and .config.

This example makes use of the --diffext option which creates a patch based on the differences between the old and the new source files.

Make a ksplice directory in the kernel source tree, copy System.map over from the previous build, and copy .config into the tree if it is not already in the source tree:

# mkdir -p src/ksplice
# cp System.map src/ksplice
# cp .config src/

Create a ksplice patch and wait for the kernel to rebuild. All files that end with new will be compiled into the ksplice patch. C source files, for example, should end in .cnew as the diffext is appended directly.

# ksplice-create --diffext=new src/

Apply the newly generated patch to the running kernel:

# ksplice-apply ksplice-*.tar.gz

See man pages for ksplice-apply, ksplice-create, ksplice-view, and ksplice-undo.

See also