Hello mates,
As you know, in arch Linux the kernel is updated frequently but, is mandatory or good practice reboot any time the kernel is updated?
Edit: Thank you guys for your replies
Hello mates,
As you know, in arch Linux the kernel is updated frequently but, is mandatory or good practice reboot any time the kernel is updated?
Edit: Thank you guys for your replies
I’ve heard about Linux servers running for years. But surely they change kernel without a reboot? More of a curious question.
there is live kernel patching, most distros (like Arch Linux) however don’t set this up by default
there is also the possibility that one live patch don’t work properly
the only reliable way currently to load the full new kernel is via reboot
the real way for server however is to not rely on one single server but have a redundant amount which you can reboot one at a time
Last time I tried replacing the kernel without a reboot it still reset the uptime. And it had about as long of a pause when replacing the kernel as a reboot had. So I don’t see the benefit.
It’s possible to switch to a new kernel without rebooting using
kexec
(though you’re going to drop run levels anyway…), and kernels may be livepatched using various services. Realistically though, if your service can’t handle a particular server being offline for a few minutes to reboot and is too critical to schedule an outage for regular patching you’re doing something wrong.You don’t need to change kernel if the one you have works fine.
For gaming PCs you’re often running hardware that gets improved in the kernel often. For servers, as long as you’re not trying to squeeze every once of performance out of it you can get by with way behind bleeding edge kernels.
One of the easiest attack vectors to secure on a kernel is compiling all your modules directly into the kernel and disabling loadable kernel modules.
Once you’ve got a kernel that has all the bells and whistles you need compiled into it, it’s relatively mature enough to have it’s bugs worked out (like an LTS kernel that’s been out for a month or so), and you’ve applied proper system and kernel hardening configs, that server can run undisturbed for quite a while.