Security updates / 'procstat' to find daemons to restart - reliable?
Karl Pielorz
kpielorz_lst at tdx.co.uk
Thu Nov 30 10:27:55 UTC 2017
Hi All,

When applying patches I usually reboot machines. But the recent
FreeBSD-SA-17:11.openssl update handily looks like just a 'restart of
daemons using the library' will do it.

So - on a 10.3-p24 system, if I run:

procstat -va | grep libcrypto

I get a list of process IDs that turn out to be things like sshd, unbound
etc. As you'd expect.

So then I do a 'freebsd-update fetch' and 'freebsd-update install'.

Re-run 'procstat -va' - and now there is no mention of 'libcrypto'.

If 'libcrypto' does not appear in 'procstat -va' output does that mean I'm
good to go? (i.e. nothing has it open, so nothing needs restarting - and
any future 'opens' on that library, will of course use the new one on-disk?)

Did the action of 'freebsd-update install' cause some behind the scenes
"Oh, this library has changed under me I'll unload" type thing (or break
any open references to it?)

If I restart, say 'sshd' - once again, 'procstat -va' now shows
'libcrypto.so.7' is in use by pid 53569 (sshd)

This is a little confusing...

-Karl