SUSE adds security automation support for Kernel Live Patches
SUSE has found that security automation is not handling SUSEs kernel livepatches very well.
To understand the underlying problem and ways toward a solution, lets first look at the underlying concepts.
Kernel livepatching is a technology where functions within a running Linux kernel are patched to fix security issues, without rebooting or even stopping the kernel. This allows uninterrupted use of workloads over long times.
Kernel livepatches from SUSE are delivered as loadable kernel modules that are delivered in RPMs seperately from the kernel RPMs.