The promise of live patching for a Linux kernel is one that multiple vendors have been chasing for several years. Today, SUSE announced the latest iteration of its live patching approach, with SUSE Linux Enterprise Live patching, targeting users of SAP applications, including the HANA in-memory database.
SUSE Linux Enterprise Live Patching is available for x86-64 servers on top of SUSE Linux Enterprise Server 12 Service Pack 1 for SAP Applications, which is SUSE’s optimized operating system platform for SAP.
Live patching for Linux has been available for several years via Oracle’s kSplice technology, and both Red Hat and SUSE have been working on live patching technology that first started to appear in the Linux 4.0 kernel that debuted in April 2015.
“Live Patching from SUSE is currently using the kGraft technology, developed by SUSE Labs,” SUSE product manager Hannes Kuehnemund, told ServerWatch. “Parts of our technology are merged upstream.”
Kuehnemund added that SUSE’s expectation is that by the end of the year the upstream version will be providing all features required by enterprises, which will allow SUSE to switch from its own home-grown solution to the upstream one. The upstream approach makes use of both kGraft as well as elements from Red Hat’s kpatch live patching approach.
How the kGraft Technology Works
In terms of how the kGraft technology now works, it’s not a wholesale replacement of a running kernel.
“We do not install a new kernel; we patch the most severe security flaws of the running kernel,” Kuehnemund explained. “And yes, there is no interruption of the application, be it SAP HANA, SAP NetWeaver or anything else.”
The live kernel patching for SAP applications isn’t the first time that SUSE has made the patching technology available. In November 2014, SUSE first announced Enterprise Live Patching for SUSE Linux Enterprise Server 12.
SUSE is also expanding its overall partner efforts this week with the new SUSE connect application catalog.
“With SUSE Connect, we allow a one-click installation of partner software within our local systems management framework, YaST,” Kuehnemund said.