3.1 About the Enhanced Ksplice Client

An enhanced Ksplice client is available for Oracle Linux 6 and Oracle Linux 7 that can patch in-memory pages of Ksplice-aware shared libraries such as glibc and openssl for user-space processes in addition to the kernel updates of the traditional Ksplice Uptrack client. User-space patching allows you to install bug fixes and protect your system against security vulnerabilities without having to restart processes and services. Both an online and an offline version of the enhanced client are available.

Note

Ksplice reports an error such as the following if it is not able to apply updates to processes that cannot access /var/cache/ksplice:

Ksplice was unable to load the update as the target process is in a
different mount namespace or has changed root.  The service must be
restarted to apply on-disk updates.
Extra information: the process has changed root or mount namespace.
  └─ rtkit-daemon (3680)

This error might typically seen with processes that use chroot or that run in an LXC or Docker container. In such cases, you must restart the process to apply any available updates. For example, to restart the rtkit-daemon service, you would enter systemctl restart rtkit-daemon.

To avoid having to restart a chrooted application that you maintain and compile, ensure that /var/cache/ksplice is bind mounted into the chrooted environment.

Ksplice cannot patch applications that use either setcontext or swapcontext from glibc to perform user-space context switching between process threads.

Due to kernel limitations, Ksplice does not patch the init process, PID 1. On Oracle Linux 7, the init process, which is actually systemd, is automatically re-executed on system updates so does not require patching with Ksplice. On Oracle Linux 6, Upstart is not capable of re-executing itself, so updates to glibc that can affect Upstart may require a reboot.

You manage the enhanced Ksplice client by using the ksplice command instead of the uptrack commands. Note that the enhanced Ksplice client shares the same configuration file as the Uptrack client, located at /etc/uptrack/uptrack.conf. For more information on this file, see Section 1.5, “Configuring a Ksplice Client”.