
Checkpoint/restart (mostly) in user space

Checkpoint/restart (mostly) in user space

Posted Jul 21, 2011 17:05 UTC (Thu) by paravoid (subscriber, #32869)
Parent article: Checkpoint/restart (mostly) in user space

I wonder if checkpoint/restart in combination with kexec would help security kernel upgrades with a limited downtime (worse than ksplice but better than a reboot :)



Checkpoint/restart (mostly) in user space

Posted Jul 22, 2011 22:19 UTC (Fri) by mhelsley (guest, #11324)

Actually it could be much better than ksplice -- ksplice is rather limited in the kinds of security fixes it can apply as I recall. To be fair, checkpoint/restart is also limited -- if a process being checkpointed has a physical device open (unlike, say, a pty) then it's difficult or practically impossible to checkpoint. So the set of processes with devices open this way are what will determine whether checkpoint/restart is a practical solution for this problem.

Checkpoint/restart (mostly) in user space

Posted Jul 23, 2011 15:06 UTC (Sat) by Lennie (guest, #49641)

ksplice is limited, but if I recall correctly it works automated for 89% of the security patches. The other 11% a programmer has to make the code to change a data structure in the kernel.

Checkpoint/restart (mostly) in user space

Posted Jul 28, 2011 9:16 UTC (Thu) by mhelsley (guest, #11324)

Sure. Though I wonder what "89% security patches" really means in practical terms. What is a "security patch" to whoever produced that number, and what portion of all kernel patches (in the sample, a single release, or overall?) are classified as such? "security patches" could be a small portion of the patches applied to the kernel in any given release so that 89% is potentially much less impressive than it sounds.

Checkpoint/restart (mostly) in user space

Posted Jul 28, 2011 19:05 UTC (Thu) by Lennie (guest, #49641)

I always assumed it was a stable release of 'server-distribution', a slow moving target, like Debian stable or Ubuntu LTS which only gets security updates on the kernel (maybe some stability updates). And it is those security patches that they are talking about.

But I could be wrong of course.

