How to deactivate Canonical Livepatch Service

Canonical Livepatch Service is a valuable tool that helps eliminate the need for unplanned maintenance windows by patching high and critical severity kernel vulnerabilities in the Linux kernel while the system runs. This service is included in Ubuntu Pro and can be useful for up to 10 years, reducing system downtime, maintenance expenses, and enhancing security.

However, if you wish to deactivate the Canonical Livepatch Service, there are several methods available. One way to disable the service is through the command line. To do this, open the terminal and enter the following command:

$ sudo snap stop --disable canonical-livepatch

Another method to disable the Canonical Livepatch Service is through the Software and Updates application. To do this, open the Software and Updates application, navigate to the Livepatch tab, and turn the slider to off.

If you want to completely remove the Canonical Livepatch Service after disabling it, you can use the following command with the -r option:

$ canonical-livepatch disable-livepatch [-r]

This command will remove the canonical-livepatch snap after the service is disabled.

In case you don't have direct access to the system, you can disable the livepatch client by setting a kernel command line parameter canonical_livepatch_mode or by writing the mode to the /var/local/canonical_livepatch_modefile. These locations are only checked when the livepatch daemon is started, usually at boot.

Remember that disabling the Canonical Livepatch Service may increase the risk of system vulnerabilities and require manual updates and reboots for kernel patches. It is essential to weigh the pros and cons before deciding to deactivate this service.

Citations :

  1. https://ubuntu.com/security/livepatch
  2. https://tuxcare.com/canonical-livepatch-overview-of-enterprise-live-patching-services/#:~:text=Server%20live%20patching%20is%20an,maintenance%20expenses%2C%20and%20enhances%20security.
  3. https://manpages.ubuntu.com/manpages/bionic/man1/ua.1.html#:~:text=Livepatch%20(Canonical%20Livepatch%20Service),-Managed%20live%20kernel&text=The%20token%20can%20be%20obtained,after%20the%20sevice%20is%20disabled.
  4. https://ubuntu.com/security/livepatch/docs/client/disabling
  5. https://manpages.ubuntu.com/manpages/bionic/man1/ua.1.html
  6. https://askubuntu.com/questions/958462/can-i-take-a-computer-off-of-ubuntu-livepatch
  7. https://tuxcare.com/canonical-livepatch-overview-of-enterprise-live-patching-services/
  8. https://askubuntu.com/questions/1355569/how-to-enable-disable-canonical-livepatch-in-software-properties-gtk-via-command
  9. https://www.quora.com/What-is-a-canonical-live-patch-and-is-it-OK-if-I-wanted-to-secure-my-laptop-and-my-privacy#:~:text=Do%20I%20need%20to%20use,the%20regular%20way%20and%20reboot.
  10. https://ubuntu.com/security/livepatch#:~:text=Livepatch%20eliminates%20the%20need%20for,is%20included%20in%20Ubuntu%20Pro.