James Carlson wrote:
> Jordan Brown writes:
>> It's been a while since the last time I looked, but I remember that we
>> were seeing that services like ssh were still live when our service ran,
>> and that's bad.
>
> It's bad only because you're modifying the running system, and that
> itself is arguably an inherently bad thing no matter what precautions
> are taken.
>
> A better and safer answer is to modify an alternate boot environment
> (with everything still up and running), and then switch environments.
> With ZFS root, this should become very low cost: zfs snapshot, clone,
> write changes, and switch.

Yes, yes, of course. And if we could guarantee that everybody was using ZFS or Live Upgrade, it would be a lot easier. Plus it would help if we didn't have to support S8 and S9 systems. But we can't, and we do.

Note, however, that even alternate-boot-environment schemes have their problems. If the system is running, are you sure that the running software won't make some important change *after* you take the snapshot? Patches occasionally want to write /etc/passwd; what happens if some user changes their password at the wrong moment?