Reboot during OS update

[LMLnull]

Hello, I have a question about OS reboot that I would like to discuss with you. As a ContainerOS, 'rather than a package manager that updates individual pieces of software, Bottlerocket downloads a full filesystem image and reboots into it'. In a k8s cluster, if there is a bug in the OS kernel, the traditional Linux OS can use "yum install <hotfix -id>" to hotfix the kernel, while Bottlerocket needs to perform a rolling restart of all machines in the cluster after the update. I think Bottlerocket's behavior is to guarantee atomicity, but have you guys evaluated the impact of node-level restarts? I think restarting is reasonable. It is not necessary to keep nodes available in real time in a k8s cluster, but I don't know how to convince my customers. So I would like to consult your point of view on system restart. I will be very grateful if I can receive your reply, thank you.

[bcressey]

On a general purpose Linux distro, the equivalent of yum update X can often create a false sense of security.

It's accurate for "leaf" programs like CLIs and services, but misleading for shared libraries since every program that has the library loaded needs to restart to have the updated code in its address space.

Updating glibc or openssl does not trigger a system-wide restart of systemd and all other processes, which is what's actually required to guarantee full coverage.

Installing an updated kernel package has a similar outcome; it doesn't change the running kernel but merely stages a new one to be used on the next boot.

Rebooting into the new kernel and userspace to apply the update, as Bottlerocket does and other image-based distro do, removes all of this ambiguity. You are either in the old state and not patched, or in the new state and fully patched. There is no disconnect between what the package manager says is installed and what running processes have loaded.

There are ways around this that avoid a reboot - kernel live patches, graceful service reloads - but I am not aware of any mainstream distro that can guarantee that the state of the system after applying package updates has exactly the same security posture as it would following a reboot.

[LMLnull]

Thank you very much for your reply!

[LMLnull]

Solved my problem. Thanks