Difference between revisions of "Ksplice"

From ArchWiki
Jump to: navigation, search
(flag for archival)
 
(11 intermediate revisions by 6 users not shown)
Line 1: Line 1:
 
[[Category:Kernel]]
 
[[Category:Kernel]]
 
[[Category:Security]]
 
[[Category:Security]]
{{stub}}
+
[[ja:Ksplice]]
Ksplice is an open source extension of the Linux kernel which allows system administrators to apply security patches to a running kernel without having to reboot the operating system.  
+
{{Archive|Not migrated to AUR, only support for Fedora and Ubuntu since 2015 [http://ksplice.oracle.com/try/desktop]}}
 +
Ksplice is an open source extension of the Linux kernel which allows system administrators to apply security patches to a running kernel without having to reboot the operating system. By 2011, it is acquired by Oracle and available only under premier support.
  
 
== Installation ==
 
== Installation ==
Install the {{AUR|ksplice}} package from the [[Arch User Repository]].
 
  
== Configuration ==
+
Install the {{AUR|ksplice-git}}{{Broken package link|{{aur-mirror|ksplice-git}}}} package from the [[Arch User Repository]].
  
 
== Usage ==
 
== Usage ==
 +
 +
First, you need the kernel source tree for the kernel you are currently running, and some files from the previous kernel build: {{ic|System.map}} and {{ic|.config}}.
 +
 +
If you don't have {{ic|System.map}} from the previous build, you can copy {{ic|/proc/kallsyms}} as an equivalent. If the {{ic|kernel.kptr_restrict}} kernel parameter is enabled, remember to copy it as root.
 +
 +
This example makes use of the {{ic|--diffext}} option which creates a patch based on the differences between the old and the new source files.
 +
 +
Make a {{ic|ksplice}} directory in the kernel source tree, copy {{ic|System.map}} over from the previous build, and copy {{ic|.config}} into the tree if it is not already in the source tree:
 +
 +
# mkdir -p src/ksplice
 +
# cp System.map src/ksplice
 +
# cp .config src/
 +
 +
Create a ksplice patch and wait for the kernel to rebuild.
 +
All files that end with {{ic|new}} will be compiled into the ksplice patch. C source files, for example, should end in {{ic|.cnew}} as the diffext is appended directly.
 +
 +
# ksplice-create --diffext=new src/
 +
 +
Apply the newly generated patch to the running kernel:
 +
 +
# ksplice-apply ksplice-*.tar.gz
 +
See man pages for {{ic|ksplice-apply}}, {{ic|ksplice-create}}, {{ic|ksplice-view}}, and {{ic|ksplice-undo}}.
  
 
== See also ==
 
== See also ==
*[http://www.ksplice.com/ Offical website of Ksplice]
+
 
*[https://en.wikipedia.org/wiki/Ksplice Ksplice on Wikipedia]
+
*[https://github.com/jirislaby/ksplice Ksplice GitHub]
[[Category:Kernel]]
+
*[[wikipedia:Ksplice]]
[[Category:Security]]
+
*[http://www.ksplice.com/ Offical website of Ksplice Uptrack] (proprietary, owned by Oracle)
 +
*[http://cormander.com/2011/08/how-to-use-the-ksplice-raw-utilities/ How to use the Ksplice raw utilities]

Latest revision as of 12:42, 17 August 2016

Gnome-colors-add-files-to-archive.pngThis article is being considered for archiving.Gnome-colors-add-files-to-archive.png

Reason: Not migrated to AUR, only support for Fedora and Ubuntu since 2015 [1] (Discuss in Talk:Ksplice#)

Ksplice is an open source extension of the Linux kernel which allows system administrators to apply security patches to a running kernel without having to reboot the operating system. By 2011, it is acquired by Oracle and available only under premier support.

Installation

Install the ksplice-gitAUR[broken link: archived in aur-mirror] package from the Arch User Repository.

Usage

First, you need the kernel source tree for the kernel you are currently running, and some files from the previous kernel build: System.map and .config.

If you don't have System.map from the previous build, you can copy /proc/kallsyms as an equivalent. If the kernel.kptr_restrict kernel parameter is enabled, remember to copy it as root.

This example makes use of the --diffext option which creates a patch based on the differences between the old and the new source files.

Make a ksplice directory in the kernel source tree, copy System.map over from the previous build, and copy .config into the tree if it is not already in the source tree:

# mkdir -p src/ksplice
# cp System.map src/ksplice
# cp .config src/

Create a ksplice patch and wait for the kernel to rebuild. All files that end with new will be compiled into the ksplice patch. C source files, for example, should end in .cnew as the diffext is appended directly.

# ksplice-create --diffext=new src/

Apply the newly generated patch to the running kernel:

# ksplice-apply ksplice-*.tar.gz

See man pages for ksplice-apply, ksplice-create, ksplice-view, and ksplice-undo.

See also