Elivepatch Aims To Make Live Kernel Patching Easier On Gentoo

Written by Michael Larabel in Operating Systems on 8 September 2017 at 12:33 PM EDT.
Elivepatch is a new means of live kernel patching for Gentoo Linux that works in a distributed manner.

Elivepatch offers distributed live patch building via a client/server model, and it allows for automatic live patching of Linux kernel CVEs as well as incremental live patching.

Elivepatch was developed in part by Alice Ferrazzi during this year's Google Summer of Code. Her GSoC 2017 project was a success, and it was added to Gentoo this week via sys-apps/elivepatch-server and sys-apps/elivepatch-client.

The elivepatch-server is what builds the live patch, while the elivepatch-client makes requests to the server with its given kernel version and gets back a live patch for the kernel with the latest security fixes. This can be automated via cron jobs. Elivepatch is written in Python and uses Kpatch for the actual live patching functionality. Elivepatch is designed around Portage, so it isn't easily portable to other distributions.

Those wishing to learn more about Elivepatch for distributed live patching of Gentoo systems can do so via this Wiki page.