3.1 About the Ksplice Enhanced Client

The Ksplice Enhanced client is available for Oracle Linux 6 and Oracle Linux 7. In addition to applying the kernel updates that the traditional Ksplice Uptrack client provides, it can patch in-memory pages of Ksplice-aware shared libraries, such as glibc and openssl, for user space processes. User space patching enables you to install bug fixes and protect your system against security vulnerabilities without having to restart processes and services. Both an online and an offline version of the enhanced client are available.

Note

Ksplice reports an error such as the following if it is not able to apply updates to processes that cannot access /var/cache/ksplice:

Ksplice was unable to load the update as the target process is in a
different mount namespace or has changed root.  The service must be
restarted to apply on-disk updates.
Extra information: the process has changed root or mount namespace.
  └─ rtkit-daemon (3680)

This error is typically seen with processes that use chroot or that run in an LXC or Docker container. In such cases, you must restart the process to apply any available updates. For example, to restart the rtkit-daemon service, you would use the systemctl restart rtkit-daemon command.

To avoid having to restart a chrooted application that you maintain and compile, ensure that /var/cache/ksplice is bind mounted in the chrooted environment.
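
To find in advance which running processes would hit this error, the following added example (not part of the Oracle documentation or the Ksplice tooling) compares each process's mount namespace and root directory with those of a reference process by reading /proc/PID/ns/mnt and /proc/PID/root. The function names, the PROC_ROOT override and the --scan argument are assumptions of this example; run it as root from the same environment in which the ksplice command runs.

```shell
#!/bin/sh
# Added example, not Oracle's code: flag processes whose mount namespace or
# root directory differs from a reference process, i.e. the condition named
# in the Ksplice error message above.
# PROC_ROOT (assumption) may point at a constructed tree for testing.
PROC_ROOT="${PROC_ROOT:-/proc}"

# ksplice_reach PID [REF]: print "same", "differs" or "unknown".
# "unknown" means a link could not be read (process exited, or caller
# lacks the privileges to inspect that process).
ksplice_reach() {
    pid="$1"; ref="${2:-self}"
    ref_ns=$(readlink "$PROC_ROOT/$ref/ns/mnt" 2>/dev/null) || { echo unknown; return 0; }
    ref_root=$(readlink "$PROC_ROOT/$ref/root" 2>/dev/null) || { echo unknown; return 0; }
    ns=$(readlink "$PROC_ROOT/$pid/ns/mnt" 2>/dev/null) || { echo unknown; return 0; }
    root=$(readlink "$PROC_ROOT/$pid/root" 2>/dev/null) || { echo unknown; return 0; }
    if [ "$ns" != "$ref_ns" ] || [ "$root" != "$ref_root" ]; then
        echo differs    # containerized (other mount namespace) or chrooted
    else
        echo same
    fi
}

# list_unreachable [REF]: print "PID COMMAND" for every process that differs.
# These are the candidates for a restart after a user space update.
list_unreachable() {
    for d in "$PROC_ROOT"/[0-9]*; do
        [ -d "$d" ] || continue
        p=${d##*/}
        if [ "$(ksplice_reach "$p" "${1:-self}")" = differs ]; then
            name=$(cat "$d/comm" 2>/dev/null || echo '?')
            echo "$p $name"
        fi
    done
}

# Scan the live system only when asked to: sh this-script.sh --scan
if [ "${1:-}" = "--scan" ]; then
    list_unreachable
fi
```

A process reported here still needs either a restart or, for a chroot you maintain, the /var/cache/ksplice bind mount described above.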

Ksplice cannot patch applications that use either setcontext or swapcontext from glibc to perform user space context switching between process threads.

Due to kernel limitations, Ksplice does not patch the init process, PID 1. On Oracle Linux 7, the init process, which is actually systemd, is automatically re-executed on system updates, so it does not require patching with Ksplice. On Oracle Linux 6, Upstart is not capable of re-executing itself, so any updates to glibc that can affect Upstart might require a reboot.

You manage the enhanced Ksplice client by using the ksplice command rather than uptrack commands. Note that the enhanced Ksplice client shares the same configuration file as the Uptrack client, which is located at /etc/uptrack/uptrack.conf. For more information about this file, see Section 1.6, “Configuring a Ksplice Client”.