Difference between revisions of "Ksplice"

From ArchWiki
Jump to: navigation, search
(Create usage example for ksplice)
(Update Ksplice information for new maintained git package, simplify usage instructions, sort links and add Ksplice upstream github page)
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
[[Category:Kernel]]
 
[[Category:Kernel]]
 
[[Category:Security]]
 
[[Category:Security]]
{{stub}}
+
Ksplice is an open source extension of the Linux kernel which allows system administrators to apply security patches to a running kernel without having to reboot the operating system.
Ksplice is an open source extension of the Linux kernel which allows system administrators to apply security patches to a running kernel without having to reboot the operating system.  
+
  
 
== Installation ==
 
== Installation ==
Install the {{AUR|ksplice}} package from the [[Arch User Repository]].
+
Install the {{AUR|ksplice-git}} package from the [[Arch User Repository]].
 
+
== Configuration ==
+
  
 
== Usage ==
 
== Usage ==
{{Note|The following steps have only been tested on a custom Arch kernel.}}
+
First, you need the kernel source tree for the kernel you are currently running, and some files from the previous kernel build: {{ic|System.map}} and {{ic|.config}}.
First, you need some files from the previous kernel build: {{ic|System.map}} and {{ic|.config}}.
+
  
 
This example makes use of the {{ic|--diffext}} option which creates a patch based on the differences between the old and the new source files.
 
This example makes use of the {{ic|--diffext}} option which creates a patch based on the differences between the old and the new source files.
  
Make a {{ic|ksplice}} directory in the kernel source tree:
+
Make a {{ic|ksplice}} directory in the kernel source tree, copy {{ic|System.map}} over from the previous build, and copy {{ic|.config}} into the tree if it is not already in the source tree:
  
 
  # mkdir -p src/ksplice
 
  # mkdir -p src/ksplice
 
Copy {{ic|System.map}} over from the previous build:
 
 
 
  # cp System.map src/ksplice
 
  # cp System.map src/ksplice
 
Copy {{ic|.config}} into the tree if it is not already in the source tree:
 
 
 
  # cp .config src/
 
  # cp .config src/
  
Create a ksplice patch and wait for the kernel to rebuild:
+
Create a ksplice patch and wait for the kernel to rebuild.
 +
All files that end with {{ic|new}} will be compiled into the ksplice patch. C source files, for example, should end in {{ic|.cnew}} as the diffext is appended directly.
  
 
  # ksplice-create --diffext=new src/
 
  # ksplice-create --diffext=new src/
Line 34: Line 25:
  
 
  # ksplice-apply ksplice-*.tar.gz
 
  # ksplice-apply ksplice-*.tar.gz
 +
See man pages for {{ic|ksplice-apply}}, {{ic|ksplice-create}}, {{ic|ksplice-view}}, and {{ic|ksplice-undo}}.
 
== See also ==
 
== See also ==
*[http://www.ksplice.com/ Offical website of Ksplice]
+
*[https://github.com/jirislaby/ksplice Ksplice GitHub]
 
*[https://en.wikipedia.org/wiki/Ksplice Ksplice on Wikipedia]
 
*[https://en.wikipedia.org/wiki/Ksplice Ksplice on Wikipedia]
 +
*[http://www.ksplice.com/ Offical website of Ksplice Uptrack] (proprietary, owned by Oracle)
 +
*[http://cormander.com/2011/08/how-to-use-the-ksplice-raw-utilities/ How to use the Ksplice raw utilities]
 
[[Category:Kernel]]
 
[[Category:Kernel]]
 
[[Category:Security]]
 
[[Category:Security]]

Revision as of 18:24, 11 November 2013

Ksplice is an open source extension of the Linux kernel which allows system administrators to apply security patches to a running kernel without having to reboot the operating system.

Installation

Install the ksplice-gitAUR package from the Arch User Repository.

Usage

First, you need the kernel source tree for the kernel you are currently running, and some files from the previous kernel build: System.map and .config.

This example makes use of the --diffext option which creates a patch based on the differences between the old and the new source files.

Make a ksplice directory in the kernel source tree, copy System.map over from the previous build, and copy .config into the tree if it is not already in the source tree:

# mkdir -p src/ksplice
# cp System.map src/ksplice
# cp .config src/

Create a ksplice patch and wait for the kernel to rebuild. All files that end with new will be compiled into the ksplice patch. C source files, for example, should end in .cnew as the diffext is appended directly.

# ksplice-create --diffext=new src/

Apply the newly generated patch to the running kernel:

# ksplice-apply ksplice-*.tar.gz

See man pages for ksplice-apply, ksplice-create, ksplice-view, and ksplice-undo.

See also