ksplice

ksplice is handy in case there is a serious security fix and you don’t want or can’t afford rebooting your system immediately.

Let’s pick an example, the kernel-2.6.28-6anacreon3 update, which added CVE-2009-2692.patch.

First update FST so that you will have the patch:

# repoman upd

Now create a working dir:

$ cp -a /usr/src/linux/ ~/linux-source
$ cd ~/linux-source
$ mkdir ksplice
$ cp /boot/config ksplice/.config
$ cp /boot/System.map ksplice/
$ ln -s ~/linux-source ksplice/build
$ cp /var/fst/stable/source/base/kernel/CVE-2009-2692.patch .

Now create the ksplice update:

$ ksplice-create --patch=CVE-2009-2692.patch ~/linux-source

Then apply it:

# ksplice-apply ksplice-st4dt4bg.tar.gz

To view all applies updates, or a specific one:

# ksplice-view
# ksplice-view --id=st4dt4bg

To revert one:

# ksplice-undo st4dt4bg