“KernelCare”的意思、由来-开放百科全书

KernelCare software is released under GPL2. The first beta was introduced in March 2014 and it was commercially launched in May 2014. KernelCare supports CentOS/RHEL 5.x, 6.x and 7.x; CloudLinux 5.x, 6.x and 7.x; Parallels Cloud Server; Virtuozzo; OpenVZ; Debian 6.x, 7.x and 8.x; and Ubuntu 14.04 LTS, 15.10, 16.04.^[4]^[5]

Overview

KernelCare agent resides on user's server. It periodically checks in with KernelCare distribution servers. If there are new patches available for the currently running kernel, KernelCare agent downloads and applies those patches to the running kernel.

A KernelCare patch is a piece of code used to substitute vulnerable or buggy code in a kernel. It can be an arbitrary code line modification, or it can be a missing security check, a set of functions, or even modified data structures.^[6]

The patch is compiled as usual, but the generated code has additional information about all changed code pieces caused by original source code modification and information on to how to apply these code pieces. The resulting code modifications are safely applied to the running kernel.

A special KernelCare kernel module applies the patches. It loads the patches into the kernel address space, sets up the relocations (i.e., fixes the references to the original kernel code and data), and safely switches the execution path from the original code to updated code blocks. The code ensures the patch is applied safely so the CPU doesn't execute the original code blocks at the same moment when switching to a new version.^[7]^[8]

See also

References

1. ^{{cite web|title=CloudLinux announces KernelCare.com rebootless kernel update service|url=https://www.pingzine.com/cloudlinux-announces-kernelcare-com-rebootless-kernel-update-service-31987/|publisher=PingZine.com|accessdate=29 August 2015}}
2. ^{{cite web|title=KernelCare Promises Linux Security Updates Without the Reboots|url=http://thevarguy.com/open-source-application-software-companies/050614/embargo-may-6-1201-am-est-kernelcare-promises-linux-secur|publisher=The Var Guy|accessdate=29 August 2015}}
3. ^{{cite web|title=KernelCare: New no-reboot Linux patching system|url=http://www.zdnet.com/article/kernelcare-new-no-reboot-linux-patching-system/|publisher=ZDNet|accessdate=29 August 2015}}
4. ^{{cite web|title=CloudLinux Unveils KernelCare for Automatic Updates of Parallels Virtuozzo Containers Kernel|url=http://www.hostingjournalist.com/iaas-hosting/cloudlinux-unveils-kernelcare-for-automatic-updates-of-parallels-virtuozzo-containers-kernel/|publisher=Hosting Journalist|accessdate=29 August 2015}}
5. ^{{cite web|url=http://patches.kernelcare.com/|title=List of compatible kernels|last=|first=|date=|website=|publisher=KernelCare Directory|archive-url=|archive-date=|dead-url=|accessdate=15 November 2017}}
6. ^{{cite web|title=KernelCare: New no-reboot Linux patching system|url=http://fullcirclemagazine.org/2014/05/07/kernelcare-new-no-reboot-linux-patching-system/|publisher=Full Circle|accessdate=29 August 2015}}
7. ^{{cite web|title=CloudLinux Launches KuberDock Public Beta|url=http://www.thehostingnews.com/cloudlinux-launches-kuberdock-public-beta.html|accessdate=29 August 2015}}
8. ^{{cite web|title=KernelCare verspricht Patches ohne Neustart|url=http://www.pro-linux.de/news/1/21062/kernelcare-verspricht-patches-ohne-neustart.html|publisher=Pro-Linux|accessdate=29 August 2015}}

Overview

See also

References

External links