Features/Ksplice Uptrack rebootless updates

From FedoraProject

< Features(Difference between revisions)
Jump to: navigation, search
(Scope)
(How To Test)
Line 42: Line 42:
  
 
== How To Test ==
 
== How To Test ==
 +
The Uptrack service is currently available for testing on Fedora 13. To test, please install the ksplice-uptrack RPM on a Fedora 13 system running an old version of the kernel. The client software will alert the user that there are rebootless updates available and will prompt the user to install them. After installation, the "uptrack-show" command will show the patched CVEs, and exploits written against vulnerabilities patched by the updates will no longer work. There should be no visable disruption of the machine while updates are being installed.
 +
 
<!-- This does not need to be a full-fledged document.  Describe the dimensions of tests that this feature is expected to pass when it is done.  If it needs to be tested with different hardware or software configurations, indicate them.  The more specific you can be, the better the community testing can be.  
 
<!-- This does not need to be a full-fledged document.  Describe the dimensions of tests that this feature is expected to pass when it is done.  If it needs to be tested with different hardware or software configurations, indicate them.  The more specific you can be, the better the community testing can be.  
  

Revision as of 23:22, 19 July 2010


Contents

Feature Name

Ksplice Uptrack rebootless kernel updates

Summary

Keep Fedora's kernel up-to-date without rebooting. This uses the Ksplice Uptrack service to safely update the running kernel in memory, making it more convenient to stay on top of security and other important kernel updates.

Owner

  • Email: keithw@ksplice.com

Current status

  • Targeted release: Fedora 14
  • Last updated: July 19, 2010
  • Percentage of completion: 100%


Detailed Description

Ksplice Uptrack allows system administrators to update the running Linux kernel "rebootlessly," using technology first developed at the Massachusetts Institute of Technology. Fedora and other major Linux distributions generally ask their users to reboot roughly once a month to install a new kernel to fix security and reliability issues. Empirically, users rarely install such updates -- Ksplice has measured real-world compliance at about 20% -- and until a system can be updated, it remains vulnerable to security flaws. By allowing IT administrators to install kernel updates without downtime, Uptrack dramatically reduces the cost of system administration and boosts adherence to security updates to greater than 95%.

Ksplice Inc. will supply rebootless versions of the kernel updates Fedora distributes. The service will be free of charge. The client software is licensed under the GNU General Public License, version 2.

Benefit to Fedora

Fedora will gain the capability to apply important kernel updates without the disruption and downtime of a reboot. This will boost the security and reliability of systems that choose to install such rebootless updates. Fedora will become the first Linux distribution to integrate rebootless updates into the distribution.

Scope

A package of client software conforming to the Fedora Packaging Guidelines has been submitted for review (https://bugzilla.redhat.com/show_bug.cgi?id=616251).

The service is already operational in a preview for Fedora 13, and will begin supplying Fedora 14's kernel updates as soon as the kernel stabilizes.

How To Test

The Uptrack service is currently available for testing on Fedora 13. To test, please install the ksplice-uptrack RPM on a Fedora 13 system running an old version of the kernel. The client software will alert the user that there are rebootless updates available and will prompt the user to install them. After installation, the "uptrack-show" command will show the patched CVEs, and exploits written against vulnerabilities patched by the updates will no longer work. There should be no visable disruption of the machine while updates are being installed.


User Experience

Dependencies

Contingency Plan

Documentation

Release Notes

Comments and Discussion