I recently wrote a story for Red Hat’s Enable SysAdmin blog on kernel live patching and how to enable it on Red Hat systems. I also wanted to share how to enable it on Amazon Linux 2, since it is such a great feature and security addition (the instance in the examples below is running a 5.10 kernel).


As before, you can verify your kernel version with sudo yum list kernel or uname -r.

$ sudo yum list kernel
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Installed Packages
kernel.x86_64          5.10.109-104.500.amzn2          installed
$

Next you want to install the kernel-livepatch yum plugin and enable it:

$ sudo yum install -q yum-plugin-kernel-livepatch
...
$ sudo yum kernel-livepatch enable -q
...
$

Then install kpatch-runtime (or update it if it was already installed) and make sure its service is enabled. The kernel itself provides the livepatch mechanism; kpatch-runtime is the user-space tooling and systemd service that load the live patch modules into the running kernel.

$ sudo yum install -q kpatch-runtime
...
$ sudo yum update kpatch-runtime
...
$ sudo systemctl enable kpatch.service
Created symlink from /etc/systemd/system/multi-user.target.wants/kpatch.service to /usr/lib/systemd/system/kpatch.service.
$

Finally, enable the Amazon Linux 2 extras topic for kernel live patching. This topic is where the live patches themselves are published; once it is enabled they are delivered through your regular yum updates (for example yum update --security).

$ sudo amazon-linux-extras enable livepatch
... 
 43  livepatch=latest         enabled      [ =stable ]
...
$
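The steps above, gathered into one script as an added example (this is not code from the original post or from Amazon): it checks that the running kernel is one that can be live patched, runs the enablement commands non-interactively, pulls in the first batch of live patches, and then verifies that patch modules are actually loaded by parsing the output of kpatch list. The minimum kernel versions (4.14.165-131.185 and the 5.10 series) are my reading of the AWS documentation and are an assumption to check against the current docs; the kpatch list output embedded below is a constructed sample, not captured from a real host.

```shell
#!/bin/sh
# Added example: enable Amazon Linux 2 kernel live patching and verify it.
# Not part of the original post; see the lead-in for the assumptions made.

# Assumed minimums (from the AWS docs as I read them): any 5.10 kernel, or
# 4.14 at 4.14.165-131.185 or later. Other kernel series are treated as not
# eligible; adjust if AWS extends support.
MIN_414_PATCH=165
MIN_414_REL_A=131
MIN_414_REL_B=185

# kernel_supported RELEASE -> exit 0 if RELEASE (uname -r format) is eligible.
kernel_supported() {
    old_ifs=$IFS
    IFS='.-'                 # split "5.10.109-104.500.amzn2.x86_64" on . and -
    # shellcheck disable=SC2086
    set -- $1
    IFS=$old_ifs
    major=$1 minor=$2 patch=${3:-0} rel_a=${4:-0} rel_b=${5:-0}
    case "$major.$minor" in
        5.10) return 0 ;;
        4.14)
            [ "$patch" -gt "$MIN_414_PATCH" ] && return 0
            [ "$patch" -eq "$MIN_414_PATCH" ] || return 1
            [ "$rel_a" -gt "$MIN_414_REL_A" ] && return 0
            [ "$rel_a" -eq "$MIN_414_REL_A" ] && [ "$rel_b" -ge "$MIN_414_REL_B" ] && return 0
            return 1 ;;
        *) return 1 ;;
    esac
}

# count_loaded_patches KPATCH_LIST_OUTPUT -> prints the number of patch
# modules listed as [enabled] under "Loaded patch modules:". Entries under
# "Installed patch modules:" are on disk but not necessarily applied, so they
# are deliberately not counted.
count_loaded_patches() {
    printf '%s\n' "$1" | awk '
        /^Loaded patch modules:/    { in_loaded = 1; next }
        /^Installed patch modules:/ { in_loaded = 0 }
        in_loaded && /\[enabled\]/  { n++ }
        END { print n + 0 }'
}

# enable_livepatch: the commands from the post, made non-interactive with -y,
# followed by the first security update and a check of what got loaded.
# Must run as root on Amazon Linux 2.
enable_livepatch() {
    running=$(uname -r)
    if ! kernel_supported "$running"; then
        echo "kernel $running is not eligible for live patching; update the kernel and reboot first" >&2
        return 1
    fi
    yum install -q -y yum-plugin-kernel-livepatch
    yum kernel-livepatch enable -y
    yum install -q -y kpatch-runtime
    yum update -q -y kpatch-runtime
    systemctl enable --now kpatch.service
    amazon-linux-extras enable livepatch
    # Live patches arrive as ordinary security updates once the topic is enabled.
    yum update -q -y --security
    listing=$(kpatch list)
    echo "$listing"
    echo "loaded patch modules: $(count_loaded_patches "$listing")"
}

# Constructed sample of `kpatch list` output (module names are placeholders,
# not real Amazon Linux patches) in the layout kpatch-runtime prints.
SAMPLE_KPATCH_LIST='Loaded patch modules:
livepatch_example_a [enabled]
livepatch_example_b [enabled]

Installed patch modules:
livepatch_example_a (5.10.109-104.500.amzn2.x86_64)
livepatch_example_b (5.10.109-104.500.amzn2.x86_64)'

case "${1:-}" in
    enable) enable_livepatch ;;
    *)
        # Dry run: exercise the checks on constructed release strings.
        for k in 5.10.109-104.500.amzn2.x86_64 4.14.165-131.185.amzn2.x86_64 4.14.154-128.181.amzn2.x86_64; do
            if kernel_supported "$k"; then echo "$k: eligible"; else echo "$k: not eligible"; fi
        done
        echo "sample kpatch list shows $(count_loaded_patches "$SAMPLE_KPATCH_LIST") loaded patch module(s)"
        ;;
esac
```

Run it with no arguments for the dry run, or as sudo sh livepatch.sh enable on the instance to perform the enablement. The point of the parsing helper is that uname -r never changes after a live patch is applied, so kpatch list is the only quick way to confirm a patch is really loaded; a module that appears only under "Installed patch modules:" has been downloaded but is not protecting the running kernel.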

References