* Carlos E. R. [12-27-18 18:55]:

On 27/12/2018 23.52, Michael Fischer wrote:

...

Inspired by a post here (somewhere), out of curiosity I ran `sudo zypper ps` and was surprised to find that it had *any* output, but even more surprised to see an awful lot of important-looking libraries listed.

How the heck could this state have been acheived, and how scared should I be to reboot, etc.?

After updating packages using rpm, zypper, or yast, files that were in use can't be actually deleted and remain in use. Thus you have to restart the affected applications or services - but some of them can not be easily restarted, so instead it is easier to reboot.

If you don't, well, the security update that you did is not in fact applied and you are still running the vulnerable versions.

On some cases, you may have in memory inconsistent libraries (one updated, one old),

I list below the actions you can do instead of rebooting.

...

The following running processes use deleted files:

PID | PPID | UID | User | Command | Service | Files ------+-------+------+---------+-----------------+-----------------+-------------------------------------- 1 | 0 | 0 | root | systemd | | /lib64/libpam.so.0.84.2

reboot.

systemctl daemon-reexec or systemctl daemon-reload

...

781 | 1 | 0 | root | ModemManager | ModemManager | /usr/lib64/libgmodule-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgio-2.0.so.0.5400.3 | | | | | | /usr/lib64/libglib-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgobject-2.0.so.0.5400.3

Ignore. Maybe restart network manager would do the trick.

systemctl restart ModemManager

...

782 | 1 | 0 | root | irqbalance | irqbalance | /usr/lib64/libglib-2.0.so.0.5400.3

systemctl restart irqbalance

...

792 | 1 | 0 | root | cupsd | cups | /lib64/libpam.so.0.84.2

systemctl restart cupsd

...

857 | 1 | 0 | root | bluetoothd | bluetooth | /usr/lib64/libglib-2.0.so.0.5400.3

systemctl restart bluetooth or bluetoothctl restart

...

873 | 1 | 469 | polkitd | polkitd | polkit | /usr/lib64/libgio-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgobject-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgmodule-2.0.so.0.5400.3 | | | | | | /usr/lib64/libglib-2.0.so.0.5400.3

dunno.

systemctl restart polkit

...

1335 | 1 | 0 | root | sshd | sshd | /lib64/libpam.so.0.84.2

systemctl restart sshd

but you must also disconnect and reconnect the ssh sessions

...

1405 | 1 | 0 | root | lightdm | display-manager | /usr/lib64/libgobject-2.0.so.0.5400.3 | | | | | | /usr/lib64/libglib-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgmodule-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgio-2.0.so.0.5400.3 | | | | | | /lib64/libpam.so.0.84.2

log out init 3 init 5

...

1413 | 1 | 0 | root | accounts-daemon | accounts-daemon | /usr/lib64/libgio-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgobject-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgmodule-2.0.so.0.5400.3 | | | | | | /usr/lib64/libglib-2.0.so.0.5400.3

dunno

systemctl restart accounts-daemon

...

1496 | 1 | 0 | root | cron | cron | /lib64/libpam.so.0.84.2

systemctl restart cron

...

6798 | 1 | 0 | root | upowerd | upower | /usr/lib64/libgio-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgobject-2.0.so.0.5400.3 | | | | | | /usr/lib64/libgmodule-2.0.so.0.5400.3 | | | | | | /usr/lib64/libglib-2.0.so.0.5400.3

Dunno

systemctl restart upower

...

24659 | 24658 | 1000 | myuser | systemd | | /lib64/libpam.so.0.84.2

Unsure.

kill -9 24659

Only that tiny list? :-p

Just reboot when feasible.

-- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org

On Thu, Dec 27, Patrick Shanahan wrote:

* Carlos E. R. [12-27-18 18:55]:

...

On 27/12/2018 23.52, Michael Fischer wrote:

...

Inspired by a post here (somewhere), out of curiosity I ran `sudo zypper ps` and was surprised to find that it had *any* output, but even more surprised to see an awful lot of important-looking libraries listed.

How the heck could this state have been acheived, and how scared should I be to reboot, etc.?

After updating packages using rpm, zypper, or yast, files that were in use can't be actually deleted and remain in use. Thus you have to restart the affected applications or services - but some of them can not be easily restarted, so instead it is easier to reboot.

If you don't, well, the security update that you did is not in fact applied and you are still running the vulnerable versions.

On some cases, you may have in memory inconsistent libraries (one updated, one old),

Patrick, Carlos, Thanks for the tips. I figured a reboot and login would cover the whole list. However, it is unclear to me how the ONLY versioned libpam.so I seem to have on my system is one I can do without. Surely there must be _some_ version as the target of the usual symlink(s)??? $ locate libpam /etc/apparmor.d/abstractions/libpam-systemd /lib/libpam.so.0 /lib/libpam.so.0.84.2 /lib/libpam_misc.so.0 /lib/libpam_misc.so.0.82.1 /lib/libpamc.so.0 /lib/libpamc.so.0.82.1 /lib64/libpam.so.0 /lib64/libpam.so.0.84.2 /lib64/libpam_misc.so.0 /lib64/libpam_misc.so.0.82.1 /lib64/libpamc.so.0 /lib64/libpamc.so.0.82.1 /usr/lib64/libpam.so /usr/lib64/libpam_misc.so /usr/lib64/libpamc.so $ l /usr/lib64/libpam.so lrwxrwxrwx 1 root root 23 Dec 3 10:16 /usr/lib64/libpam.so -> /lib64/libpam.so.0.84.2 $ l /lib64/libpam.so.0 lrwxrwxrwx 1 root root 16 Dec 3 10:15 /lib64/libpam.so.0 -> libpam.so.0.84.2 So.. if that file is only showing up for `ls` because some processes still have it open, and I shut down those processes... doesn't this suggest that e.g. systemd and login will get very unhappy because there is NO 64-bit libpam.so on the system? (or at least the symlink targets are gone) What part of this have I got horribly wrong? The above understanding of the situation, or that I managed to do some zypper command which removed some much needed libraries? Thanks Michael -- Michael Fischer michael@visv.net -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org

Am 28.12.18 um 04:11 schrieb Carlos E. R.:

On 28/12/2018 03.19, Michael Fischer wrote:

... The only thing you did "half wrong" is not noticing that you had to reboot after some update, and this is very common. People often say that in Windows you always need to reboot so often, and that in Linux you don't need to reboot. This is not true, in Linux sometimes you need to reboot, sometimes not, but it is simply easier to reboot than figuring out the list.

It seems usually not necessary with Leap if one uses its update service within KDE. Peter -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org