Identify packages that will require a system reboot after an update
- Red Hat Enterprise Linux (RHEL) 5
- Red Hat Enterprise Linux (RHEL) 6
- Red Hat Enterprise Linux (RHEL) 7
- Red Hat Enterprise Linux (RHEL) 8
- Red Hat Enterprise Linux (RHEL) 9
- How to identify packages which require system reboot?
Red Hat recommends that systems be rebooted after installation of an updated package. This ensures that all processes and services benefit from updates to core libraries and services.
Such reboots do come at a cost to system uptime, however, which we know many customers are keen to avoid. This information outlines when a reboot is required, best practice for customers following updates, and guidance on particular package update scenarios.
Each of the following packages requires a reboot in order to be fully-utilized. This list is for informational use and subject to change at Red Hat's discretion.
NOTE: Not all packages listed here are available in all versions of RHEL.
Beginning in RHEL 7,
needs-restartingplug-in with support for the
-r, --reboothintflag. This command will report whether a reboot will be needed.
# needs-restarting -r
For packages that provide a service (e.g. xen, bind, cronie, cups, ntp, openssh-server), restarting the service after updating the package is sufficient to make use of the updated binaries. Similarly to system reboots, Red Hat is aware that restarting services may also incur downtime for the provided service.
- For packages that provide both services and daemons (e.g. dbus), restarting all daemons and services by bringing the system down to single user mode (runlevel 1), and back up to the previous runlevel, is the recommended best practice.
This doesn't mean it is strictly required to reboot the system immediately after updating these packages.
- Typically, it is sufficient to restart services after applying a non-security
glibcerratum (i.e. RHBA rather than RHSA). The restarted services will immediately make use of the new
glibcruntime. Until that time, such services will continue to use the earlier version of those libraries, having been loaded by the dynamic linker at service startup.
Note that, depending on the nature of the bug being fixed, it may not be necessary to immediately restart the service.
Disk space will continue to be consumed by the old runtimes until all packages referencing them close their open file descriptors, allowing the kernel to free the reserved storage.
- This excludes any updates to packages which have an explicit or implicit dependency on kernel updates; in these cases, a reboot is still required to benefit from the updates to those packages.
- Updates to security-sensitive libraries, such as
gnutls, are especially important. Any services that depend on such libraries should be restarted to ensure that related errata are effectively used.
In the case of updates to significant vulnerabilities, a full reboot is still the conservatively correct approach.
- All errata pushed live to RHN after September 16 2015 for packages listed above will be tagged as "reboot_suggested" on RHN Classic Hosted and Red Hat Satellite 5.6/5.7, so customers can be aware and decide to boot systems after applying these errata.
- Red Hat Enterprise Linux
- Learn more
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
It would be nice to have a flag in the yum output to recommend reboots when necessary.
I agree with you, such as Debian system using the flag /var/run/reboot-required.pkgs.
This file containt the list of package that need reboot and it will delete after reboot.
If you install the yum-utils package, you can do this:
List any services that need restarting:
List any services that require a reboot, and if so, return 1:
AIX has such a flag. It is nice to be able to determine if you need a downtime/reboot or not.
How does a Satellite 5.7 admin see the reboot_suggested tag?
I do not see it for the latest RHEL 7 kernel: any tag in the rpm overview.
Also as others asked in the comments, can the tag be viewed using rpm of yum?
Does it now support kpatch?
This article says it applies to RHEL 5/6/7, but RHEL 6, the needs-restarting command doesnt support the -r argument [root@/]# needs-restarting -r Usage: needs-restarting: Report a list of process ids of programs that started running before they or some component they use were updated.
needs-restarting: error: no such option: -r
Yes Nathan. That is correct. This doesn't work in RHEL6 release. I've updated the 'yum-utils' package as well and tested. When I run the command "needs-restarting -r" it says there is no such option. But works good on RHEL7.
Red Hat team, please update the knowledge base with proper details.
What about microcode_ctl updates? Afaik the server should be rebooted afterwards, so shouldn't needs-restarting -r detect that as well?
"The 'needs-restarting' command is available in RHEL 6, but is silent (meaning there is no output, the '-r, --reboothint' flag is not available for this version)."
What does this statement mean for the command on RHEL6 . I updated the kernel and together with it kernel-firmware was updated. But the command has no output and $? shows 0. So how does this command work or help in RHEL6?
echo $? 0
uname -a Linux sgpvmc0054 2.6.32-754.33.1.el6.x86_64 #1 SMP Mon Aug 10 10:29:45 EDT 2020 x86_64 x86_64 x86_64 GNU/Linux
Either the glibc in RHEL5 is more "square" than in RHEL 6/7/8 or someone needs to correct the syntax for the footnote references on RHEL 6/7/8:
Alas... not sure how to get the html syntax to appear as text and not the link... but I guess you get the point.
Maybe I am mistaken, but it seems to me that every time there is an update to google-chrome a reboot is required which is most annoying. When I am in windows there is a button in the upper right hand corner that says update, I click on it, and the browsers closes and reopens in its past state which is very convenient.
More importantly, it seems like there should be a "needs rebooting" tag that is associated with Security patches. Patches can normally be installed sooner if a full downtime is not required.
Kpatch can be used for kernel patches. However for other critical patches, any solution available to avoid the reboot for applying critical/security patches?
Has anyone tried to exclude these packages listed on this page to try and apply security only patches that don't require a reboot?
yum update-minimal --security --exclude=kernel* --exclude=linux-firmware* --exclude=firmware --exclude=dbus* --exclude=glibc* --exclude=hal* --exclude=systemd* --exclude=udev* --exclude=openssl-libs* --exclude=gnutls* --exclude=openssl-libs*