关于Linux, 我们可以使用 Red Hat Enterprise Linux 内核实时修补解决方案在不重启或者重启任何进程的情况下对运行的内核进行补丁
先看一下官网的一段关于Applying patches with kernel live patching 的介绍:
You can use the Red Hat Enterprise Linux kernel live patching solution to patch a running kernel without rebooting or restarting any processes.
With this solution, system administrators:
- Can immediately apply critical security patches to the kernel.
- Do not have to wait for long-running tasks to complete, for users to log off, or for scheduled downtime.
- Control the system’s uptime more and do not sacrifice security or stability.
Note that not every critical or important CVE will be resolved using the kernel live patching solution.
Our goal is to reduce the required reboots for security-related patches, not to eliminate them entirely.
For more details about the scope of live patching, see the Customer Portal Solutions article.