Jens Elkner wrote: > On Thu, Aug 21, 2008 at 02:55:36PM -0700, Steve Lawrence wrote: >>> The list of use cases is really pretty simple: >>> >>> 1) Administrator has in hand a patch that says "install in single user >>> mode". What does this administrator do? The answer seems self-evident: >>> take the system to single-user mode (either by booting the system in >>> single-user mode using boot -s or boot -m milestone/single-user, or >>> dropping the system to single-user mode using "init s" or "svcadm >>> milestone milestone/single-user") and install the patch using patchadd. > > Wrong assumption here. Often drivers etc. gets patched with "need single user > mode", which are not used by the system at all (e.g. fc). So the admin > says, don't care and go ahead - don't wanna take the system out of > service...
Indeed. First, I should have said "what we we *recommend* that this administrator do?". Second, yes, an intelligent administrator who examines the patch and is familiar with the operation of the system may be able to use a less conservative procedure. For many patches the "install in single user mode" recommendation (or, for that matter, the "reboot after installation" recommendation) is only the first approximation, suitable for automata and administrators who do not want to take the time to fully understand the situation. Ideally, the patch instructions would specify alternative procedures - "shut down the xxx service before installing and restart it after installing", or "install in single user mode if you use device yyy", or whatever. Eventually we'd like the automated tools to have similar metadata available to them, but getting it right is quite tricky.
