- Applications
User-space applications are any programs that can be initiated by a system user. Typically, such applications are used only when a user, script, or automated task utility launches them and they do not persist for long periods of time.
Once such a user-space application is updated, halt any instances of the application on the system and launch the program again to use the updated version.
- Kernel
The kernel is the core software component for the Fedora operating system. It manages access to memory, the processor, and peripherals as well as schedules all tasks.
Because of its central role, the kernel cannot be restarted without also stopping the computer. Therefore, an updated version of the kernel cannot be used until the system is rebooted.
- Shared Libraries
Shared libraries are units of code, such as glibc, which are used by a number of applications and services. Applications utilizing a shared library typically load the shared code when the application is initialized, so any applications using the updated library must be halted and relaunched.
To determine which running applications link against a particular library, use the lsof command as in the following example:
lsof /lib/libwrap.so*
This command returns a list of all the running programs which use TCP wrappers for host access control. Therefore, any program listed must be halted and relaunched if the tcp_wrappers package is updated.
- Systemd Services
Systemd services are persistent server programs launched during the boot process. Examples of Systemd services include sshd, vsftpd, and xinetd.
Because these programs usually persist in memory as long as the machine is booted, each updated Systemd service must be halted and relaunched after the package is upgraded. This can be done by logging into a root shell prompt and issuing the /usr/bin/systemctl command as in the following example:
/usr/bin/systemctl restart <service-name>
In the previous example, replace <service-name> with the name of the service, such as sshd.
- xinetd Services
Services controlled by the xinetd super service only run when there is an active connection. Examples of services controlled by xinetd include Telnet, IMAP, and POP3.
Because new instances of these services are launched by xinetd each time a new request is received, connections that occur after an upgrade are handled by the updated software. However, if there are active connections at the time the xinetd controlled service is upgraded, they are serviced by the older version of the software.
To kill off older instances of a particular xinetd controlled service, upgrade the package for the service then halt all processes currently running. To determine if the process is running, use the ps command and then use the kill or killall command to halt current instances of the service.
For example, if security errata imap packages are released, upgrade the packages, then type the following command as root into a shell prompt:
ps -aux | grep imap
This command returns all active IMAP sessions. Individual sessions can then be terminated by issuing the following command:
kill <PID>
If this fails to terminate the session, use the following command instead:
kill -9 <PID>
In the previous examples, replace <PID> with the process identification number (found in the second column of the ps command) for an IMAP session.
To kill all active IMAP sessions, issue the following command:
killall imapd
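The checks above for applications, shared libraries, and services all ask which running processes still use code that an update replaced. The following script is an added example, not part of the original guide: it generalizes the lsof check by reading /proc/<pid>/maps, where the kernel marks a mapped file that has since been replaced on disk as "(deleted)". The function names and the sample data are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Lists processes still executing files that a package
# update replaced (the kernel marks their mappings "(deleted)").

# stale_maps: read /proc/<pid>/maps text on stdin and print each replaced
# file once. Only executable mappings are considered; memfd, /dev/shm and
# SysV shared-memory entries are skipped because they are also shown as
# "(deleted)" without being package files. Paths containing spaces are
# not handled.
stale_maps() {
    awk '
        # fields: address perms offset dev inode pathname [(deleted)]
        $2 ~ /x/ && $NF == "(deleted)" && $6 ~ /^\// &&
        $6 !~ /^\/(memfd:|dev\/shm\/|SYSV)/ {
            if (!seen[$6]++) print $6
        }'
}

# scan_proc: print "PID<TAB>command<TAB>replaced file" for every process
# whose maps file is readable (run as root to see all processes).
scan_proc() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        files=$(cat "$maps" 2>/dev/null | stale_maps)
        [ -n "$files" ] || continue
        name=$(cat "/proc/$pid/comm" 2>/dev/null || echo '?')
        printf '%s\n' "$files" | while read -r f; do
            printf '%s\t%s\t%s\n' "$pid" "$name" "$f"
        done
    done
}

# sample_maps: constructed maps excerpt for a process started before an
# update of the tcp_wrappers library (addresses, inodes, version made up).
sample_maps() {
    cat <<'EOF'
55d0c0a00000-55d0c0a20000 r-xp 00000000 fd:01 131 /usr/sbin/sshd
7f1c2a000000-7f1c2a008000 r-xp 00000000 fd:01 920 /lib/libwrap.so.0.7.6 (deleted)
7f1c2a208000-7f1c2a209000 rw-p 00008000 fd:01 920 /lib/libwrap.so.0.7.6 (deleted)
7f1c2b000000-7f1c2b1b0000 r-xp 00000000 fd:01 877 /lib/libc.so.6
7f1c2c000000-7f1c2c001000 rwxs 00000000 00:05 4242 /memfd:jit (deleted)
EOF
}

# Scan the live system only when asked to: sh stale.sh --scan
if [ "${1:-}" = "--scan" ]; then scan_proc; fi
```

Any process the scan reports must be halted and relaunched, or restarted with systemctl if it is a Systemd service, before it uses the updated files.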