On Thu, Oct 30, 2014 at 08:00:16AM -0500, Valeri Galtsev wrote:
If I remember Unix world, patching almost never led to downtime and almost always could be accomplished in presence of users logged in.
RHEL has kpatch: http://rhelblog.redhat.com/2014/02/26/kpatch/
Technologies like kpatch, ksplice, kGraft, etc. will make it so you don't have to reboot to get kernel patches. However, I'm more concerned with updating software like glibc, openssl, nss, etc. for running processes. It doesn't matter if you're running Linux or FreeBSD or other UNIXes, if you update the underlying software applications and libraries under the user's processes, there's always a chance (and quite likely) that something will break.