James Carlson wrote:
>> Jordan's patching consumer, right?
>
> He doesn't want that one to go last at all; it can't.
Correct. We need to run (approximately) immediately before file systems get unmounted. We need them to still be writable - we are, after all, trying to patch things. The simple model is that we want to be at the point where the system is equivalent to single-user mode. (Now, really, the actual requirements for installing those patches are potentially complicated and specific to the patch, but "single user" is the compromise we use.) It's been a while since the last time I looked, but I remember that we were seeing that services like ssh were still live when our service ran, and that's bad.
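The ordering problem described above, as an added illustration that is not code from this thread and not SMF itself: a toy model of a restarter that starts services in dependency order and stops them in the reverse of it. The service names are illustrative FMRIs and both dependency graphs are simplified assumptions, not the real Solaris manifests; the patch service name is hypothetical. The point the model makes is that a stop method is only guaranteed to run after ssh is down and before file systems go away if the dependency graph forces that, and a "naive" graph that merely requires local file systems leaves the restarter free to stop the patch service while ssh is still live.

```python
"""Added illustration (not code from the thread, and not SMF itself): a toy
model of restarter ordering.  Services start in dependency order and stop
in the reverse of it, so a service whose stop method must run "after ssh
is down but while file systems are still mounted" has to sit in the
dependency graph between those two."""

# Illustrative FMRIs; the dependency sets below are simplified assumptions,
# not the real Solaris manifests.  PATCH is a hypothetical service.
FS = "svc:/system/filesystem/local"
SINGLE = "svc:/milestone/single-user"
SSH = "svc:/network/ssh"
MULTI = "svc:/milestone/multi-user"
PATCH = "svc:/site/patch-consumer"


def requires(deps, a, b):
    """True if service a transitively depends on service b."""
    seen, stack = set(), [a]
    while stack:
        s = stack.pop()
        for d in deps.get(s, ()):
            if d == b:
                return True
            if d not in seen:
                seen.add(d)
                stack.append(d)
    return False


def stops_before_in_every_order(deps, a, b):
    """Shutdown is reverse dependency order, so a is guaranteed to stop
    before b only when a (transitively) requires b.  Anything weaker is
    left to whichever valid order the restarter happens to pick."""
    return requires(deps, a, b)


def patch_window_guaranteed(deps, patch=PATCH, network=SSH, fs=FS):
    """Return (network_down_first, fs_still_mounted) for the patch
    service's stop method, as guarantees rather than as luck."""
    return (stops_before_in_every_order(deps, network, patch),
            stops_before_in_every_order(deps, patch, fs))


def start_order(deps):
    """One valid start order (ties broken by name).  A real restarter may
    choose any valid order, which is exactly why ordering has to come
    from dependencies rather than from observation on one machine."""
    services = set(deps) | {d for ds in deps.values() for d in ds}
    remaining = {s: set(deps.get(s, ())) for s in services}
    order = []
    while remaining:
        ready = sorted(s for s, ds in remaining.items() if not ds)
        if not ready:
            raise ValueError("dependency cycle")
        s = ready[0]
        order.append(s)
        del remaining[s]
        for ds in remaining.values():
            ds.discard(s)
    return order


def stop_order(deps):
    """Shutdown runs the start order backwards."""
    return list(reversed(start_order(deps)))


# Naive graph: the patch service only says "I need local file systems".
NAIVE = {
    FS: set(),
    SINGLE: {FS},
    SSH: {SINGLE},
    MULTI: {SSH},
    PATCH: {FS},
}

# Fixed graph: the multi-user-only services are made to require the patch
# service, so they must stop before it and it must stop before FS.
# (Assumed: in SMF terms this would be expressed in the patch manifest;
# the exact form is not shown here.)
FIXED = {
    FS: set(),
    SINGLE: {FS},
    PATCH: {SINGLE, FS},
    SSH: {SINGLE, PATCH},
    MULTI: {SSH},
}

if __name__ == "__main__":
    for name, g in (("naive", NAIVE), ("fixed", FIXED)):
        down, mounted = patch_window_guaranteed(g)
        print(f"{name}: ssh guaranteed down first={down}, "
              f"file systems guaranteed mounted={mounted}")
        print("  one possible stop order:", stop_order(g))
```

With the naive graph the restarter is within its rights to stop the patch service first, while ssh is still up, which is the symptom reported above; with the fixed graph ssh necessarily stops before the patch service and the patch service necessarily stops before local file systems are unmounted.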