
Here's the problem I had:
The Problem
I was running 3 servers, each running AlmaLinux 9.6. One was a dedicated server; the other two were virtual servers (one with xen virtualisation, the other with kvm).
On the dedicated and xen servers, whenever the kernel was updated, I could detect that a reboot was required.
$ dnf needs-restarting -r
Core libraries or services have been updated since boot-up:
* kernel
Reboot is required to fully utilize these updates.
More information: https://access.redhat.com/solutions/27943
On the kvm server, I could see the kernel had just updated. Yet:
$ dnf needs-restarting -r
No core libraries or services have been updated since boot-up.
Reboot should not be necessary.
I monitor the output of dnf needs-restarting with a custom munin plugin, to make sure I don't leave a server running stale software for longer than necessary. Yet that was not going to work on this software.
How needs-restarting works
The dnf needs-restarting plugin is a Python script that looks at two things: 1. The timestamp the computer booted. 2. The timestamp when a number of critical packages were last updated. In theory, those packages are precisely the ones that would require a system restart for the update to take effect, and only those packages. So, if any of those critical packages had received an update after the boot time, the computer needs restarting.
The packages checked are these: 'kernel', 'kernel-rt', 'glibc', 'linux-firmware', 'systemd', 'dbus', 'dbus-broker', 'dbus-daemon', 'microcode_ctl'
To debug this problem, I saw there are two possibilities. 1. The timestamp is being incorrectly calculated. (This is a slightly complex calculation, because the script tries several possible ways to establish the boot time, as different systems will yield this information in different ways.) 2. The package update times are not returning the right information.
In fact, neither of those was the problem. A much simpler Python script confirmed the boot time was parsed correctly. Another debug script went through each of the listed packages to check their last update time.
[DEBUG] Package 'kernel' not installed.
[DEBUG] Package 'kernel-rt' not installed.
glibc 2.34-168.el9_6.23 installed 2025-09-20 09:17:31 (ok) [installtime <= boot_time]
linux-firmware 20250812-151.4.el9_6 installed 2025-09-20 09:17:55 (ok) [installtime <= boot_time]
systemd 252-51.el9_6.2.alma.2 installed 2025-09-20 09:18:13 (ok) [installtime <= boot_time]
dbus 1.12.20-8.el9 installed 2024-01-29 17:22:35 (ok) [installtime <= boot_time]
dbus-broker 28-7.el9 installed 2022-11-18 17:07:01 (ok) [installtime <= boot_time]
[DEBUG] Package 'dbus-daemon' not installed.
microcode_ctl 20250211-1.20250512.1.el9_6 installed 2025-07-07 17:01:38 (ok) [installtime <= boot_time]
Now you can see the problem. The server does not have kernel or kernel-rt installed. So an updated kernel will not appear.
The Solution
The kernel package may not be installed, but the kernel-core package is:
rpm -q kernel kernel-core kernel-modules
package kernel is not installed
kernel-core-5.14.0-570.46.1.el9_6.x86_64
kernel-core-5.14.0-570.49.1.el9_6.x86_64
kernel-core-5.14.0-570.51.1.el9_6.x86_64
package kernel-modules is not installed
So why does dnf needs-restarting not check for kernel-core as well, to support more virtualised servers?
We can ask dnf needs-restarting to add kernel-core to the list of packages, because the needs-restarting plugin supports supplying additional packages to the list at runtime.
To do this, create the necessary folder if it doesn't already exist:
sudo mkdir -p /etc/dnf/plugins/needs-restarting.d/
Then (in case the necessary file already exists and is not empty) we append kernel-core to the file in a new line:
echo kernel-core | sudo tee -a /etc/dnf/plugins/needs-restarting.d/extra-reboot-packages.conf
Now, the plugin works as required:
$ sudo dnf needs-restarting -r
Core libraries or services have been updated since boot-up:
* kernel-core
Reboot is required to fully utilize these updates.
More information: https://access.redhat.com/solutions/27943
A Permanent Fix?
Finally, I checked to see if this could be fixed at the source code level, so I looked to open an issue on the dnf-plugins-core/plugins repository.
To my amazement, needs_restarting.py already contains kernel-core in the array.
# For which package updates we should recommend a reboot
# Mostly taken from https://access.redhat.com/solutions/27943
NEED_REBOOT = ['kernel', 'kernel-core', 'kernel-rt', 'glibc',
'linux-firmware', 'systemd', 'dbus', 'dbus-broker',
'dbus-daemon', 'microcode_ctl']
So why did I have a problem?
$ dnf list installed | grep dnf-plugins-core
dnf-plugins-core.noarch 4.3.0-20.el9 @baseos
python3-dnf-plugins-core.noarch 4.3.0-20.el9 @baseos
So my server had version 4.3.0 installed. The release date for this is 9th September 2022. If we look at the code for needs_restarting.py at that point in time, we find this:
# For which package updates we should recommend a reboot
# Mostly taken from https://access.redhat.com/solutions/27943
NEED_REBOOT = ['kernel', 'kernel-rt', 'glibc', 'linux-firmware',
'systemd', 'dbus', 'dbus-broker', 'dbus-daemon']
No kernel-core. If I push a manual update for dnf-plugins-core on my server, there are no updates. So AlmaLinux 9.6 is currently tied to 4.3.0 of dnf-plugins-core. Commit baad35c was the one that sensibly committed the change to include kernel-core, 29th August 2023. That means I’d need version 4.4.3 or above.
I don’t know whether AlmaLinux 9.x will ever see an update to dnf-plugins-core that includes this change, or whether other RHEL-derived distros will (Rocky Linux, CentOS Stream, etc.). But if you find yourself on a system that fails to detect kernel updates, to prompt a reboot, just add the single config file above.
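The comparison described above, as an added example (not the plugin's code and not the author's debug script): it checks each watched package's install time against the boot time, once with each of the two NEED_REBOOT lists quoted on this page. The function names and the sample timestamps are constructed for illustration.

```python
"""Flag watched packages installed after boot (added example)."""
import subprocess

# Lists as quoted on this page: dnf-plugins-core 4.3.0 vs. current source.
NEED_REBOOT_430 = ['kernel', 'kernel-rt', 'glibc', 'linux-firmware',
                   'systemd', 'dbus', 'dbus-broker', 'dbus-daemon']
NEED_REBOOT_NEW = ['kernel', 'kernel-core', 'kernel-rt', 'glibc',
                   'linux-firmware', 'systemd', 'dbus', 'dbus-broker',
                   'dbus-daemon', 'microcode_ctl']

def updated_since_boot(rpm_output, boot_time, watch):
    """Return sorted watched names whose install time is after boot_time.

    rpm_output holds "<name> <installtime-epoch>" lines; other lines, such
    as "package kernel is not installed", are skipped.
    """
    hits = set()
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[1].isdigit():
            continue  # not-installed message or other noise
        if parts[0] in watch and int(parts[1]) > boot_time:
            hits.add(parts[0])
    return sorted(hits)

def boot_time_from_proc(path="/proc/stat"):
    """Read the boot time (epoch seconds) from the btime line."""
    with open(path) as fh:
        for line in fh:
            if line.startswith("btime "):
                return int(line.split()[1])
    raise RuntimeError("btime not found in " + path)

# Constructed sample: a host with kernel-core but no kernel package.
SAMPLE_BOOT = 1758400000
SAMPLE_RPM = """package kernel is not installed
kernel-core 1757000000
kernel-core 1758500000
glibc 1758359851
systemd 1758359893
"""

if __name__ == "__main__":
    cmd = ["rpm", "-q", "--qf", "%{NAME} %{INSTALLTIME}\n", *NEED_REBOOT_NEW]
    out = subprocess.run(cmd, stdout=subprocess.PIPE,
                         stderr=subprocess.STDOUT, text=True).stdout
    found = updated_since_boot(out, boot_time_from_proc(), set(NEED_REBOOT_NEW))
    print(found or "no reboot needed")
```

With the constructed sample, the 4.3.0 list reports nothing while the newer list reports kernel-core, which is the gap seen on the kvm server.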
Tracer
Just before I sign off, and invite any other comments that may help people, I am aware of the Tracer project, which also has a DNF plugin. I cannot get tracer to work without a full interactive shell. That means I cannot run it in cron or munin-node. If anyone has had success at that, I’d especially love to hear from you in the comments.
But please, anyone, if you have other perspectives or suggestions on this issue, please do comment below.