
Do we always have to reboot after installing a security update to make sure that the update is actually used rather than just installed? (Re: keeping partitions mounted read-only)



Shaun Crossley wrote:

The problem with lsof is that a large number of files on /usr is listed, and I can't tell which of them need to be closed and which can stay open.


I have always understood that *any* open files would prevent a
partition from being unmounted, and I assume the same is true for
remounting the partition as read-only.

Well, afair you cannot unmount a filesystem while your current working
directory resides in the filesystem you're trying to unmount. You'll just
get the message '[foo] is busy'.

But you _can_ do a remount in such cases, so there's some difference
between unmounting and remounting. In most cases, you can do a remount but
not an unmount.

Therefore, using this
assumption, *every* file listed via "lsof +D /usr" must be closed
before the kernel will permit the partition to be unmounted or
remounted.

But perhaps I'm wrong.
Anyone in the know care to set me straight?

Hm, I'm not sure about dismounting a filesystem, but you actually can do
remounts without closing all open files. Only in some situations, it
doesn't work.

My idea (just guessing) of it is that processes have somehow loaded files
into memory that get replaced by installing some security update. As long
as these processes continue to run, the old files remain in a state that
prevents the filesystem from being remounted. In particular, this may
affect files that are used by several processes at once.

This could mean that just installing a security update is not sufficient
for instances where multiple processes access related files, or where
processes that would be affected by the update are continuously running.

That's an interesting question for the people concerned about security ...
Do we always have to reboot after installing a security update to make sure
that the update is actually used rather than just installed?


GH
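
Added example, not part of the original message: on Linux, a process that still maps a file which has since been replaced or removed shows that mapping in /proc/<pid>/maps with a " (deleted)" suffix, so the processes still running pre-update code under /usr can be listed and restarted individually. The function names and the sample maps text (library names included) are constructed for illustration.

```python
import re
from pathlib import Path

# /proc/<pid>/maps line: address perms offset dev inode pathname
MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+\S{4}\s+[0-9a-f]+\s+\S+\s+\d+\s+(?P<path>/.*)$"
)
DELETED = " (deleted)"  # suffix the kernel appends for unlinked files

def stale_mappings(maps_text, prefix="/usr"):
    """Return sorted paths under `prefix` that are mapped but unlinked."""
    base = prefix.rstrip("/") + "/"
    stale = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if not m or not m.group("path").endswith(DELETED):
            continue  # anonymous mapping, [stack], or file still linked
        path = m.group("path")[: -len(DELETED)]
        if path.startswith(base):
            stale.add(path)  # text and data segments collapse to one entry
    return sorted(stale)

def scan_proc(proc_root="/proc", prefix="/usr"):
    """Map pid -> stale paths for every process whose maps file is readable."""
    result = {}
    for entry in Path(proc_root).iterdir():
        if not entry.name.isdigit():
            continue
        try:
            text = (entry / "maps").read_text()
        except OSError:
            continue  # process exited, or not permitted without root
        hits = stale_mappings(text, prefix)
        if hits:
            result[int(entry.name)] = hits
    return result

# Constructed sample: a daemon started before a library under /usr was replaced.
SAMPLE_MAPS = """\
08048000-080a0000 r-xp 00000000 08:01 1201 /usr/sbin/sshd
40017000-40120000 r-xp 00000000 08:01 2313 /usr/lib/libcrypto.so.0.9.7 (deleted)
40120000-40132000 rw-p 00109000 08:01 2313 /usr/lib/libcrypto.so.0.9.7 (deleted)
40140000-40150000 rw-s 00000000 00:05 77 /dev/shm/scratch (deleted)
40200000-40310000 r-xp 00000000 08:01 2400 /lib/libc-2.3.2.so
bffeb000-c0000000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for pid, paths in sorted(scan_proc().items()):
        print(pid, ", ".join(paths))
```

Run as root to see other users' processes; an empty result for /usr means no running process still maps a replaced file there.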





