I was asked by one of the UNIX/Linux admins how HCL content creation team determines if a given Linux fixlet should contain “action requires restart”.
I assume it corresponds to something that can be checked against the specific RPM using the rpm command?
They dont, The “action requires restart” in BigFix doesn’t necessarily assess whether a patch requires a restart but rather serves as a directive for the system to restart after deployment. It’s more about enforcing a standard practice rather than determining the specific requirements of each patch or update.
https://developer.bigfix.com/action-script/reference/flow-control/action-requires-restart.html
Is there such a thing as pending restart on Linux? 
Then why do some fixlets contain the command and others don’t?
eg: For RHEL 9
(source release date of it, name of it) of fixlets whose (exists scripts whose (it as lowercase contains “action requires restart” as lowercase) of actions of it) of bes sites whose (name of it contains “Patches for RHEL 9”)
Yes. After sending a custom command that contains only “action requires restart” Linux Computer Status will change to “Pending Restart” in the console and the relevance “pending restart” will return “True”
However, using the needs-restarting command will still show no reboot needed, which makes sense as no install actually took place:
# needs-restarting -r
Updating Subscription Management repositories.
No core libraries or services have been updated since boot-up.
Reboot should not be necessary.
At least part of the question comes from the fact that some RH documentation indicates that “gnutls” needs a restart but fixlets (eg: RHSA-2024:1784, RHSA-2024:1879) do not contain a requires restart command.
HCL Dev Team could provide a better explanation on that 
This is documented behavior:
https://developer.bigfix.com/relevance/search/?query=pending%20restart
