generalize ken's note for shared library update, ...

and move it into package management section

1 files changed, 20 insertions, 1 deletions

diff --git a/chapter08/pkgmgt.xml b/chapter08/pkgmgt.xml
index 6c628c3d6..809421c3f 100644
--- a/chapter08/pkgmgt.xml
+++ b/chapter08/pkgmgt.xml
@@ -41,7 +41,7 @@
   the <ulink url="&hints-root;">Hints Project</ulink> and see if one of them
   fits your need.</para>
 
-  <sect2>
+  <sect2 id='pkgmgmt-upgrade-issues'>
     <title>Upgrade Issues</title>
 
     <para>A Package Manager makes it easy to upgrade to newer versions when they
@@ -91,6 +91,25 @@
       you have to downgrade a package, or the package changes the versioning
       scheme of library files suddenly.</para> </listitem>
 
+      <listitem> <para>If a package containing a shared library is updated,
+      and the name of library doesn't change, but a severe issue
+      (especially, a security vulnerability) is fixed, all running programs
+      linked to the shared library should be restarted.  The following
+      command, run as <systemitem class="username">root</systemitem> after
+      updating, will list what is using the old versions of those libraries
+      (replace <replaceable>libfoo</replaceable> with the name of the
+      library):</para>
+
+<screen><userinput role="nodump">grep -l  -e '<replaceable>libfoo</replaceable>.*deleted' /proc/*/maps |
+   tr -cd 0-9\\n | xargs -r ps u</userinput></screen>
+
+      <para>
+        If <application>OpenSSH</application> is being used for accessing
+        the system and it is linked to the updated library, you need to
+        restart <command>sshd</command> service, then logout, login again,
+        and rerun that command to confirm nothing is still using the
+        deleted libraries.
+      </para></listitem>
     </itemizedlist>
 
   </sect2>