Canonical Livepatch Service: Patch Linux Kernel on Ubuntu without Reboot

In this tutorial we’re going to learn how to patch Linux kernel on Ubuntu without reboot using the Canonical Livepatch service, which uses the upstream Linux Kernel Live Patching technology to apply critical kernel patches without rebooting.

This will be helpful to your website’s uptime. I use this feature for the server that runs this blog. The livepatch service allows your server to stay up and safe, so you can reboot your server at a later time. For my other servers like mail server that doesn’t require high uptime, I simply configure unattended security updates, which can instruct my server to automatically reboot at 4 AM if a new kernel is installed.

The Canonical livepatch service is free of charge for up to 3 machines (laptop, server or cloud). In order to use this service, your system must be a 64 bit Ubuntu OS with Linux kernel 4.4+.

Patching Linux Kernel Without Reboot Using Canonical Livepatch Service

First, go to Canonical Livepatch service page. Select Ubuntu user if you want to use the service without paying for up to 3 machines. If you are an UA customer, then select Ubuntu Advantage customer.  And click Get your Livepatch token.

canonical livepatch service

You need to sign in with your Ubuntu One account which is totally free of charge. Once you are signed in, you will get a secret key for your account.

live kernel patching

Then make sure you have the snap daemon installed on your Ubuntu system.

sudo apt update
sudo apt install snapd

Next, install the canonical-livepatch daemon.

sudo snap install canonical-livepatch

Enable the service with the following command.

sudo canonical-livepatch enable your-secret-key

Sample output:

Successfully enabled device. Using machine-token: 2ca4f0662793daje0393jdaf39332d

You can check live patch status at any time with:

canonical-livepatch status --verbose

patch linux kernel on ubuntu without reboot

Possible patch states are:

  • nothing-to-apply: No vulnerability found.
  • applied: Vulnerability found and patch is applied
  • kernel-upgrade-required: Livepatch cannot install a patch to fix the vulnerability on the current running kernel.

You can also run the patcher manually:

sudo canonical-livepatch refresh

Please note that kernel patching is different from upgrading the kernel to the latest version.

  • Live kernel patch: fix vulnerabilities in the currently running Linux kernel.
  • Upgrade Kernel: Upgrade to a newer kernel. Requires reboot in order to use the new features in the new kernel.

Wrapping Up

I hope this tutorial helped you use the Canonical Live Patch service to update your Ubuntu LTS systems with the highest and most critical security vulnerabilities, without a reboot. Subscribe to our free newsletter to get latest Linux tutorials. You can also follow us on Twitter or like our Facebook page.

Rate this tutorial
[Total: 7 Average: 4]

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community (https://community.linuxbabe.com) for questions unrelated to this article.
  • I don't have time to answer every question. Making a donation would incentivize me to spend more time answering questions.


The maximum upload file size: 2 MB.
You can upload: image.