On Fri, 2013-01-25 at 00:12 +0100, Lennart Poettering wrote: > I mean, here's an example: let's say openssl is updated, which is > pulled > in by a ton of other things, for example the libc NSS LDAP module. The > libc NSS is used by at least half of all processes running on your > system, > and they all dlopen() the NSS module. So how do you now figure out > which > ones that are and how do you then figure out what the heck you need to > do to get them restarted? > A) there is no 'libc NSS LDAP module', nss_ldap is not part of libc and is also deprecated on its own in favor of nss_ldapd and others. B) Luckily we solved this case with SSSD, and this is exactly one of the use cases we wanted to solve with it. The sssd client side that gets loaded in processes has been made extremely simple and the protocol fixed in stone exactly so that you can upgrade SSSD and it's dependencies and even change sssd's configuration w/o having to restart applications. So I would remove the nsswitch problem, for the most part (we still have some nsswitch things sssd does not handle like hostname resolution, but we may take that over as well if really necessary. Simo. -- Simo Sorce * Red Hat, Inc * New York -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
