Here are some extra details about the status of livepatch when a kernel upgrade is required.
I am running an 18.04 VM with an old 4.15.0-20-generic kernel from April 2018. Here is status in yaml format:
ubuntu@bioniclivepatcholdkernel:~$ canonical-livepatch status --format yaml
client-version: 9.5.5
architecture: x86_64
cpu-model: Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz
last-check: 2020-05-15T11:29:29-04:00
boot-time: 2020-05-15T15:28:49Z
uptime: 59s
status:
- kernel: 4.15.0-20.21-generic
  running: true
  livepatch:
    checkState: checked
    patchState: kernel-upgrade-required
    version: "42.1"
    fixes: |-
      * CVE-2018-10323
      * CVE-2018-10840
      [...removing some CVEs to keep this short...]
There are no kernel upgrades pending a reboot on this box, so no /var/run/reboot-required:
ubuntu@bioniclivepatcholdkernel:~$ ls -l /var/run/reboot-required*
ls: cannot access '/var/run/reboot-required*': No such file or directory
If I upgrade to a new kernel, those files are created:
ubuntu@bioniclivepatcholdkernel:~$ ls -l /var/run/reboot-required*
-rw-r--r-- 1 root root 32 May 15 11:37 /var/run/reboot-required
-rw-r--r-- 1 root root 11 May 15 11:37 /var/run/reboot-required.pkgs
ubuntu@bioniclivepatcholdkernel:~$ cat /var/run/reboot-required
*** System restart required ***
ubuntu@bioniclivepatcholdkernel:~$ cat /var/run/reboot-required.pkgs
linux-base
And nothing changes in the output of canonical-livepatch status --format yaml:
ubuntu@bioniclivepatcholdkernel:~$ canonical-livepatch status --format yaml
client-version: 9.5.5
architecture: x86_64
cpu-model: Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz
last-check: 2020-05-15T11:29:29-04:00
boot-time: 2020-05-15T15:28:49Z
uptime: 9m38s
status:
- kernel: 4.15.0-20.21-generic
  running: true
  livepatch:
    checkState: checked
    patchState: kernel-upgrade-required
    version: "42.1"
    fixes: |-
      * CVE-2018-10323
      * CVE-2018-10840
      [...removing some CVEs to keep this short...]
And if I reboot into a recent kernel, the up to date status is:
ubuntu@bioniclivepatcholdkernel:~$ canonical-livepatch status --format yaml
client-version: 9.5.5
architecture: x86_64
cpu-model: Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz
last-check: 2020-05-15T11:42:09-04:00
boot-time: 2020-05-15T15:41:28Z
uptime: 50s
status:
- kernel: 4.15.0-99.100-generic
  running: true
  livepatch:
    checkState: checked
    patchState: nothing-to-apply
    version: ""
    fixes: ""
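Added example, not part of the original comment and not code from the livepatch client: a host check that combines the two signals shown above, since /var/run/reboot-required only appears once a newer kernel is installed and the livepatch status does not change when it does. The function names and returned labels are this example's own, and the line parser assumes the status layout shown above, with "- kernel:" opening each status entry.

```python
import re
# Constructed sample shaped like the status output above (old kernel, trimmed).
SAMPLE_OLD = """\
client-version: 9.5.5
status:
- kernel: 4.15.0-20.21-generic
  running: true
  livepatch:
    checkState: checked
    patchState: kernel-upgrade-required
    version: "42.1"
"""
# Constructed sample for the state after rebooting into the recent kernel.
SAMPLE_NEW = SAMPLE_OLD.replace("4.15.0-20.21", "4.15.0-99.100").replace(
    "kernel-upgrade-required", "nothing-to-apply").replace('"42.1"', '""')
LINE = re.compile(r"^\s*(-\s+)?([\w-]+):\s*(.*?)\s*$")

def running_patch_state(status_yaml):
    """Return (kernel, patchState) of the entry with running: true, else (None, None)."""
    kernel, running, state = None, False, None
    for line in status_yaml.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        item_start, key, value = m.groups()
        if item_start and key == "kernel":  # a new "- kernel:" list entry begins
            if running:
                break                       # the running entry is complete
            kernel, running, state = value, False, None
        elif key == "running":
            running = value == "true"
        elif key == "patchState":
            state = value
    return (kernel, state) if running else (None, None)

def kernel_action(status_yaml, reboot_flag_present):
    """Combine both signals; the labels returned are this example's own."""
    _, state = running_patch_state(status_yaml)
    if state is None:
        return "unknown"
    if reboot_flag_present:
        return "reboot"                # a newer package is installed but not booted
    if state == "kernel-upgrade-required":
        return "install-newer-kernel"  # no reboot flag, yet this kernel gets no patches
    return "ok" if state == "nothing-to-apply" else "review"

if __name__ == "__main__":
    for text, flag in ((SAMPLE_OLD, False), (SAMPLE_OLD, True), (SAMPLE_NEW, False)):
        print(running_patch_state(text), flag, "->", kernel_action(text, flag))
```

On a real host, pass the output of canonical-livepatch status --format yaml as the first argument and whether /var/run/reboot-required exists as the second.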