KSplice in Fedora?

Jon Masters jonathan at jonmasters.org
Wed Jul 1 19:29:55 UTC 2009


On Wed, 2009-07-01 at 14:19 -0400, Bill McGonigle wrote:
> On 07/01/2009 01:48 PM, Jochen Schmitt wrote:
> > 
> > On Fedora we have kernels from the 2.6.27 and from the 2.6.28 series.
> > This means that you have to create separate kernel patch modules for
> > each kernel release which was submitted for Fedora-10.
> 
> This is why I suggested it would be practical to set a bar.

I think it would be very useful to offer rebootless updates on a
schedule - so for example, "one CVE fix" followed by "must reboot within
a week or so", during which time it is unlikely there will be another
CVE to stack upon the first. Truly never rebooting is something most
users aren't worried too much about (even with shiny Apple crap) and
those who are tend to be telco/embedded types who have had their own
hacks for years and years - Montavista still have something in CGL.

> The example I gave was a kernel which was the latest kernel in the
> past two weeks. This would usually be one, occasionally two. For a
> sysadmin, it's pretty easy to schedule a reboot within two weeks.
> '-r now' can be impossible.

Indeed. There's a lot of value in saying that you can delay the reboot
but that you're protected now - akin to the syscall table hacks we used
to shove onto some systems to fix the vmsplice of the moment issue.

> > The reason to do it is that ksplice is not able to handle patches,
> > which may change global data structures.

Why not ask Tim to comment on the limitations directly? The ksplice guys
are pretty amenable types and I'm sure they would happily chat with you.

Jon.




