Manual kernel update: System won't boot new kernel

0

In response to Dirty COW, I installed the 4.4.0-45 kernel as described in the answer to this question.

Output from dpkg -l | grep '4\.4\.0-45'

ii  linux-headers-4.4.0-45                                      4.4.0-45.66                                          all          Header files related to Linux kernel version 4.4.0
ii  linux-headers-4.4.0-45-generic                              4.4.0-45.66                                          amd64        Linux kernel headers for version 4.4.0 on 64 bit x86 SMP
ii  linux-image-4.4.0-45-generic                                4.4.0-45.66                                          amd64        Linux kernel image for version 4.4.0 on 64 bit x86 SMP
ii  linux-image-extra-4.4.0-45-generic                          4.4.0-45.66                                          amd64        Linux kernel extra modules for version 4.4.0 on 64 bit x86 SMP
ii  linux-libc-dev:amd64                                        4.4.0-45.66                                          amd64        Linux Kernel Headers for development

clearly shows it is installed and update-grub detects it

Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.4.0-45-generic
Found initrd image: /boot/initrd.img-4.4.0-45-generic
Found memtest86+ image: /memtest86+.elf
Found memtest86+ image: /memtest86+.bin
done

but even after rebooting the machine for the umpteenth time uname -r still gives me

4.2.0-38-generic

I want to know what step I missed that keeps the system from booting the new kernel.

FallenWarrior

Posted 2016-10-29T10:57:18.927

Reputation: 133

Is it listed in the GRUB configuration? Alternatively, what's in the GRUB menu when you start up? – l0b0 – 2016-10-29T10:59:13.127

@l0b0 Thanks. It kept the old kernel as default for some reason, and as this is a machine mainly managed using SSH, I didn't notice. But still, even if I reboot with GRUB_DEFAULT='gnulinux-advanced-f0724a95-d885-4cec-b74c-635d61f32c73>gnulinux-4.4.0-45-generic-advanced-f0724a95-d885-4cec-b74c-635d61f32c73' (the name gathered from the grub config file), it still boots into the old kernel. – FallenWarrior – 2016-10-29T13:45:12.377
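A read-only check for the situation in the question and its comments, added here as an example and not part of the original thread: it resolves a GRUB_DEFAULT id path of the submenu>entry form against grub.cfg to the kernel image it would load, and reports the default actually written into grub.cfg. The function names, the sample file and its placeholder UUID are constructed for illustration; only id-based defaults are handled, not numeric indexes or titles.

```shell
# Added example, not from the thread. Assumes grub-mkconfig's usual layout: ids
# follow $menuentry_id_option in single quotes; top-level blocks end with "}" in column 0.
# List boot entries as "<id path><TAB><kernel image>".
grub_entries() {
    awk -F"'" '
        /^[ \t]*submenu /   { parent = $4 ">"; next }
        /^[ \t]*menuentry / { id = ($4 == "" ? "" : parent $4); next }
        /^}/                { parent = ""; id = ""; next }
        id != "" {
            n = split($0, w, " ")
            if (n >= 2 && w[1] ~ /^linux(16|efi)?$/) { print id "\t" w[2]; id = "" }
        }' "$1"
}

# Kernel image selected by a GRUB_DEFAULT id path; exits non-zero if no entry matches.
resolve_default() {
    grub_entries "$1" | awk -F"\t" -v want="$2" '
        $1 == want { print $2; found = 1; exit }
        END { exit !found }'
}

# Default written into grub.cfg (the ${next_entry} line is skipped).
cfg_default() {
    sed -n 's/^[[:space:]]*set default="\([^$"]*\)"$/\1/p' "$1" | head -n 1
}

# Constructed sample (placeholder UUID); the real file is /boot/grub/grub.cfg.
sample_cfg() {
    cat <<'EOF'
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
else
   set default="0"
fi
menuentry 'Ubuntu' --class ubuntu $menuentry_id_option 'gnulinux-simple-UUID' {
    linux /boot/vmlinuz-4.2.0-38-generic root=UUID=UUID ro
}
submenu 'Advanced options for Ubuntu' $menuentry_id_option 'gnulinux-advanced-UUID' {
    menuentry 'Ubuntu, with Linux 4.4.0-45-generic' $menuentry_id_option 'gnulinux-4.4.0-45-generic-advanced-UUID' {
        linux /boot/vmlinuz-4.4.0-45-generic root=UUID=UUID ro
    }
}
EOF
}

want='gnulinux-advanced-UUID>gnulinux-4.4.0-45-generic-advanced-UUID'
cfg=$(mktemp) && sample_cfg > "$cfg"
echo "requested id boots $(resolve_default "$cfg" "$want"); grub.cfg default is '$(cfg_default "$cfg")'"
rm -f "$cfg"
```

On a real host, run the functions against /boot/grub/grub.cfg with the GRUB_DEFAULT value from /etc/default/grub. If cfg_default prints a different value, the edited setting has not reached the generated file; the resolved image can then be compared with uname -r after the reboot.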

Answers

0

You don't need to install a new kernel version to patch the Dirty COW vulnerability; just enable the Canonical Livepatch Service on your Ubuntu.

Kernel live patching enables runtime correction of critical security issues in your kernel without rebooting. It’s the best way to ensure that machines are safe at the kernel level, while guaranteeing uptime, especially for container hosts where a single machine may be running thousands of different workloads.

(1) Go to https://ubuntu.com/livepatch and retrieve your livepatch token, for example: d3b07384d213edec49eaa6238ad5ff00

(2) Install the livepatch snap, like this:

$ sudo snap install canonical-livepatch

(3) Enable your account with the token from step 1

$ sudo canonical-livepatch enable d3b07384d113edec49eaa6238ad5ff00

That’s it. You’re up and running! You can check your status at any time with:

$ canonical-livepatch status
kernel: 4.4.0-38.57-generic
fully-patched: true
version: "12.2"

Now your kernel will remain securely patched, and you can reboot when it’s convenient for you.

Or by running the following command:

sudo apt-get update && sudo apt-get dist-upgrade

GAD3R

Posted 2016-10-29T10:57:18.927

Reputation: 2 677

There is something weird happening when I try to enable it. No matter if I use regular sudo or login as root with sudo -i to gain privilege, the enable command fails with "Permission denied" on some file. – FallenWarrior – 2016-10-31T11:48:49.107

As root or allow sudo to execute root commands – GAD3R – 2016-10-31T11:50:13.873

~# canonical-livepatch enable **** ; cannot bind-mount the mount namespace file /proc/3070/ns/mnt -> canonical-livepatch.mnt. errmsg: Permission denied support process for mount namespace capture exited abnormally This is the output I get when I run it as root. Sorry for bad formatting, I'm on my phone at the moment. – FallenWarrior – 2016-11-01T10:07:08.187

-1

It is better to boot from the old kernel and delete all the new kernel files from /boot, then run update-grub. After that you can set the old kernel as the default, then run sudo aptitude safe-upgrade. Hope it will help. If not, download boot-repair and fix some issues. I like doing it manually, but it will be risky for a new person.

amzker pro hacker

Posted 2016-10-29T10:57:18.927

Reputation: 1

Welcome to Super User! Can you [edit] and explain why this suggestion works, rather than what OP did (as they did indeed run update-grub)? – bertieb – 2019-01-02T01:44:39.077