Project

General

Profile

Feature #7155

Xen: Enable livepatch

Added by Florian Heigl about 2 years ago. Updated 9 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Aports
Target version:
Start date:
04/14/2017
Due date:
% Done:

100%

Estimated time:

Description

Hi,

I've gone through the Xen live patch documentation.
It's available https://wiki.xenproject.org/wiki/LivePatch
This stuff isn't easy for sure but before you even can get started trying, you need to have it enabled.

Could we in future versions please build Xen with CONFIG_LIVEPATCH=y set?

People can then later decide if they'll use it or not.

History

#1 Updated by Carlo Landmeter almost 2 years ago

  • Target version changed from 3.6.0 to 3.7.0

#2 Updated by Natanael Copa over 1 year ago

  • Target version changed from 3.7.0 to 3.8.0

I dont think this is compatible with the hardened kernel (grsecurity) which is designed to prevent modifying the kernel runtime (eg rootkits).

#3 Updated by Florian Heigl over 1 year ago

It's not related to the kernel at all. It should work, besides, the worst case scenario is the current state.

Flo

Von meinem BlackBerry gesendet – dem sichersten Mobilgerät

Von:

Gesendet: 30. November 2017 10:27 nachm.

An:

Betreff: [Alpine Linux - Feature #7155] Xen: Enable livepatch

start of _originalContent

Issue #7155 has been updated by Natanael Copa.

Target version changed from 3.7.0 to 3.8.0

I dont think this is compatible with the hardened kernel (grsecurity) which is designed to prevent modifying the kernel runtime (eg rootkits).

Feature #7155: Xen: Enable livepatch

Author: Florian Heigl

Status: New

Priority: Normal

Assignee: Natanael Copa

Category: Aports

Target version: 3.8.0

Hi,

I've gone through the Xen live patch documentation.
It's available https://wiki.xenproject.org/wiki/LivePatch
This stuff isn't easy for sure but before you even can get started trying, you need to have it enabled.

Could we in future versions please build Xen with CONFIG_LIVEPATCH=y set?

People can then later decide if they'll use it or not.

You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: https://bugs.alpinelinux.org/my/account

#4 Updated by Carlo Landmeter 10 months ago

  • Target version changed from 3.8.0 to 3.8.1

#5 Updated by Natanael Copa 10 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

CONFIG_LIVEPATCH=y

looks like livepatch is enabled by default in 4.10.

#6 Updated by Natanael Copa 9 months ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF