Are system updates without reboots possible?
Arthur Chance
freebsd at qeng-ho.org
Thu Mar 10 14:15:42 UTC 2016
On 10/03/2016 13:13, Steve O'Hara-Smith wrote:
> On Thu, 10 Mar 2016 12:04:05 +0000
> Arthur Chance <freebsd at qeng-ho.org> wrote:
>
>> The latest security advisory on openssl contains the usual mantra
>>
>> "Restart all deamons using the library, or reboot the system."
>>
>> I usually just reboot but find myself wondering if there's a reliable
>> *automatic* way of identifying which running programs use any given
>> library (or set of libraries), and identify whether or not they're
>> daemons controlled by service(8).
>>
>> I suppose root could use ps and ldd to identify affected programs, but
>> this seems like brute force and I can't see how to tie into the
>> service(8) structure.
>>
>> Anybody got ideas on this? It could be useful for updating servers you'd
>> rather not reboot.
>
> You could just apply brute force and use service -R to restart all
> services or reboot if the update included a new kernel. Overkill but safe.
>
I'd missed the -R option for service(8). Thanks for pointing that out.
However, that only restarts daemons from /usr/local/etc/rc.d, not
built-in system daemons from /etc/rc.d. Neither does it let me identify
non-daemon running programs that are affected by a library update.
--
Moore's Law of Mad Science: Every eighteen months, the minimum IQ
necessary to destroy the world drops by one point.
More information about the freebsd-questions
mailing list