Apply kernel patches without rebooting

1. Overview

The Canonical Livepatch Service applies critical kernel security patches without rebooting Ubuntu. This is especially useful on production environments and services where any downtime could be disruptive.

Livepatch is free for up to 3 machines. It is also included in every Ubuntu Advantage subscription.

This tutorial will show you how to enable this service on your Ubuntu system.

What you’ll need

  • A computer running Ubuntu 16.04 LTS or 14.04 LTS with an Internet connection
  • An Ubuntu One account
  • Some basic command-line knowledge

2. Getting the Livepatch token

In order to use this service, you have to generate the Livepatch token.

To get it, simply visit the Livepatch portal.


Select the Ubuntu user option and click Get your Livepatch token. You’ll have to log in with your Ubuntu One account if you haven’t done so already.

The portal will return your Livepatch credentials:


You’ll see a key associated with your account. Either keep the page open or copy the token somewhere; you’ll need it later.

3. Installing the Livepatch daemon

Enabling snap support

The Livepatch daemon is distributed through the Snap Store.

If you are using Ubuntu 14.04 LTS, you have to enable snap support first:

sudo apt update
sudo apt install snapd

Then, start a new shell so that your PATH variable is updated to include the directory where snap commands are installed.

Ubuntu 16.04 LTS supports snaps by default - you don’t have to do anything.

Installing the daemon

To install the Livepatch daemon, simply type:

sudo snap install canonical-livepatch

4. Enabling Livepatch

Almost there! You now have to enable the service with the token you got from the Livepatch portal:

sudo canonical-livepatch enable <token>

Once the service has checked your token, you should see the following message:

Successfully enabled device. Using machine-token: <token>

You can ensure that the Livepatch service is working properly by running:

canonical-livepatch status --verbose
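For unattended monitoring, the status check above can be turned into an exit code. The following is an added example, not part of the original tutorial or of Canonical's tooling: it assumes the status output contains `checkState:` and `patchState:` lines with the values named in the comments, and the sample text is constructed, so compare it against what your client version actually prints.

```shell
#!/bin/sh
# Added example: classify `canonical-livepatch status --verbose` output.
# ASSUMPTION: the output carries "checkState: <value>" and "patchState: <value>"
# lines, and "applied" / "nothing-to-apply" are the healthy patch states.
# Field names and values may differ between client versions.

# Constructed sample output (not captured from a real machine).
SAMPLE_STATUS='client-version: "0.0"
status:
- kernel: 4.4.0-00.00-generic
  running: true
  livepatch:
    checkState: checked
    patchState: applied'

# Print the value of the first "<key>: <value>" line read from stdin.
field() {
    sed -n "s/^[[:space:]-]*$1:[[:space:]]*//p" | head -n 1
}

# Read status text on stdin, print a one-word verdict and return:
#   0 = kernel is patched, 1 = needs attention, 2 = output not understood
livepatch_verdict() {
    status_text=$(cat)
    check=$(printf '%s\n' "$status_text" | field checkState)
    patch=$(printf '%s\n' "$status_text" | field patchState)
    if [ -z "$check" ] || [ -z "$patch" ]; then
        echo "unknown"; return 2      # fail closed on an unexpected format
    fi
    if [ "$check" != "checked" ]; then
        echo "check-$check"; return 1 # the client has not completed a patch check
    fi
    case "$patch" in
        applied|nothing-to-apply) echo "ok"; return 0 ;;
        *) echo "patch-$patch"; return 1 ;;
    esac
}

# Typical use from cron or a monitoring agent:
#   canonical-livepatch status --verbose | livepatch_verdict
```

A non-zero exit code from the pipeline means the machine should be looked at, either because a patch is not applied or because the output no longer matches the assumed format.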


5. Conclusion

Congratulations, you now have zero downtime kernel patching on your system!

