this post was submitted on 24 Jul 2024
514 points (97.8% liked)

linuxmemes

    (page 2) 31 comments
    [–] [email protected] 57 points 2 months ago (2 children)

    What happens when an immutable OS meets an unstoppable OS?

    [–] [email protected] 52 points 2 months ago (4 children)

    Can god make an OS so immutable, even he can't update it?

    [–] [email protected] 23 points 2 months ago (2 children)
    [–] [email protected] 4 points 2 months ago
    [–] [email protected] 5 points 2 months ago (1 children)

    It's a kind of Linux distro which doesn't need to be taken care of, a plug-and-play Linux. After a decade using traditional Linux OSes, I think it is the future of Linux because it just works out of the box without any tweaking needed, just like Android, so anyone can use it. I am very satisfied with Bluefin, which is based on the immutable Fedora version.

    [–] [email protected] 10 points 2 months ago

    A little too pitchy imho. It is just a regular Linux distro with each system update creating a new fs snapshot.

    Just use Nix/Guix lmao

    [–] [email protected] 29 points 2 months ago* (last edited 2 months ago)

    Have you used Docker before?

    You know how Docker images are read-only? Changes are layered on top, but the base image itself is read-only and all other files are stored in a volume outside the container. Containers are seen as ephemeral. When you upgrade to a new version of the image, the container is deleted and a new fresh one is created.

    Imagine that but for the whole OS.

    A related concept is an "atomic" OS, which means upgrades are atomic. Atomic in this context means that either the whole upgrade succeeds, or the whole upgrade fails. It can't get stuck in a half upgraded state. If you've dealt with databases before, it's a bit like database transactions.

    [–] [email protected] 8 points 2 months ago

    No changing the system files! Ever! (Until you can.)

    [–] [email protected] 1 points 2 months ago
    [–] [email protected] 30 points 2 months ago

    None of us knows!

    There's a group of hardcore hackers that keep bringing it up and we're all afraid to ask.

    PS: Kudos for biting the bullet.

    [–] [email protected] 61 points 2 months ago

    Can't turn the sound off, duh 😹

    [–] [email protected] 227 points 2 months ago (8 children)

    Immutable in this context refers to an OS that can't be changed while running. The Steam Deck does something like that. Basically all of the OS system files are read-only, so that the user or some malware can't bork the system. The only parts that are writable are the user's profile directory and the logs.

    You can still receive updates and install apps. It's just that that's handled a bit differently than with a standard OS.

    E.g. it could be that the OS provider only issues complete updates, and then you have to reboot. This is the case with SteamOS on the Steam Deck. The system portion of the OS is mounted read-only during use.
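    As an added example, not from the thread or from any distro's own tooling: a small audit that reads a /proc/mounts-style table and reports which mountpoints are kept read-only (the "system portion" described above) and which stay writable for user data, logs and config. The sample table, device names and subvolume paths are constructed.

```python
# Added example, not from the thread: audit a /proc/mounts-style table to
# show which mountpoints an immutable OS keeps read-only (the "system
# portion") and which remain writable (user data, logs, /etc).

# Constructed sample of what /proc/mounts might show on such a system; the
# devices, subvolumes and paths are illustrative, not from any real distro.
SAMPLE_MOUNTS = """\
/dev/mapper/root / btrfs ro,relatime,subvol=/root 0 0
/dev/mapper/root /usr btrfs ro,relatime,subvol=/root/usr 0 0
/dev/mapper/root /etc btrfs rw,relatime,subvol=/root/etc 0 0
/dev/mapper/root /var btrfs rw,relatime,subvol=/var 0 0
/dev/mapper/root /home btrfs rw,relatime,subvol=/home 0 0
/dev/nvme0n1p1 /boot/efi vfat ro,relatime 0 0
"""

# Mountpoints we expect to be read-only while the system is running; any
# other writable mount is where persistent state (or tampering) can live.
SYSTEM_PATHS = ("/", "/usr", "/boot", "/boot/efi")


def parse_mounts(text):
    """Return {mountpoint: set(options)} from /proc/mounts-formatted text."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or malformed line
        # /proc/mounts octal-escapes spaces in paths as \040; undo that.
        mountpoint = fields[1].replace("\\040", " ")
        table[mountpoint] = set(fields[3].split(","))
    return table


def audit_mounts(text, system_paths=SYSTEM_PATHS):
    """Report system mounts that are writable (findings) and the writable
    state mounts that are expected on an immutable layout."""
    table = parse_mounts(text)
    return {
        "writable_system": sorted(mp for mp, opts in table.items()
                                  if mp in system_paths and "ro" not in opts),
        "writable_state": sorted(mp for mp, opts in table.items()
                                 if mp not in system_paths and "rw" in opts),
    }


if __name__ == "__main__":
    # On a live Linux box: audit_mounts(open("/proc/mounts").read())
    print(audit_mounts(SAMPLE_MOUNTS))
```

A non-empty `writable_system` list means a system path was remounted read-write, which is exactly the state an immutable layout is supposed to prevent during normal use.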

    [–] [email protected] 16 points 2 months ago (10 children)

    I've read several topics trying to explain it and this single comment does a way better job, thank you XD

    If you don't mind me asking a follow-up, why are non-immutable OSes in Linux more popular? Or in other words, is there a definite downside to an immutable OS that people should be wary of? I was planning to install Fedora 40 soon, but now I think I may opt for the Atomic one (with the KDE env) instead.

    [–] [email protected] 9 points 2 months ago (1 children)

    If the immutability in an OS is well designed, then there shouldn't really be any downsides or loss in comfort. That is, unless you're a Linux expert and like to tinker under the hood.

    The general idea is, the core of the OS is read-only, and everything else that needs to be modified is mounted writable. Ideally, protecting the core of the OS from writes should for example prevent malware from installing a modified kernel or boot loader. Or maybe prevent the user from accidentally borking something so that their system becomes unbootable. How much of an advantage that is in practice is dependent on use case. In the case of SteamOS on the Steam Deck, it's perfect, since boot issues on the Steam Deck could potentially be tricky to fix as opposed to a standard PC.

    Another advantage of immutable could theoretically be wear and tear of certain storage devices. E.g. think of a Raspberry Pi and SD cards. If you could have most of the important stuff of the OS as read-only on the SD card, and everything else on a USB disk or even an NFS mount, then the SD card should last much longer since no writes are happening on it.

    As far as true security benefit is concerned... I can't really say. It depends on how updates and eventual writes to the immutable part of the OS are actually handled. Obviously at some point, changes do happen, like during a system update. In the case of SteamOS, the system portion is wiped and replaced with the new version. ChimeraOS did something similar (I don't know if they still use the same method). They had a read-only BTRFS partition, where they would then provide a new snapshot during an update, which would be downloaded and applied at the next reboot. This approach would hinder automated crypto malware for example (at least for system files).

    [–] [email protected] 2 points 2 months ago (1 children)

    I'm no expert on this, but I'm pretty sure the /etc directory is writable too for config files, which sadly still allows a user or malware to bork the system if they get superuser privilege.

    [–] [email protected] 7 points 2 months ago (1 children)

    I find it hard to imagine a system that is not borkable by a superuser. Maybe it's helpful to think of immutable setups as harder to bork by accident during routine maintenance (e.g. through faulty updates) and more resilient to bad code (through containerization).

    [–] [email protected] 3 points 2 months ago (1 children)

    Good point, that's fair. The reason I think it bears mentioning is that editing configs under /etc/ is totally something we might expect a user to do. So you could follow a tutorial online that is wrong or outdated and, with enough bad luck, tada, you bricked your "immutable" system. Or, less dramatic and more likely, something doesn't work as intended anymore and you don't know how to restore the original config from when you installed.

    [–] [email protected] 9 points 2 months ago

    You're right that "immutable" is a bit of a misnomer in that regard, and it's been argued that "atomic" is a more fitting term.

    And I agree that a lot of documentation and how-to-guides don't account for immutable setups (yet?), which can get novice users especially in a lot of trouble.

    Personally, I prefer a declarative system (NixOS) that solves this problem rather cleanly and gives me most benefits of so-called immutable distros as well.

    [–] [email protected] 4 points 2 months ago (3 children)

    I believe the original idea was mainly focused around making software developers' lives easier, by (as you say) making versions of Linux OSes with known, static, unchanging, immutable, standard system configurations, which could not be altered by the user.

    Again, I think the main idea here was basically focused around making either new distros, or sort of locked down versions of distros such that they could be deployed in I guess an enterprise or some kind of group environment, so as to greatly streamline the process of software development.

    You say 'can receive updates', and I am not sure if you mean higher level app updates, or lower level system updates.

    When people attempted to evangelize this immutable concept to me a few years back, they would say the whole point is that lower level updates on which many other things depend do not happen, that you would have to do basically a completely new install of a new immutable version when one comes out.

    Kind of like 'more stable than stable.'

    But... judging by other comments here, it would appear that this concept of immutable has uh... changed, lol.

    Also, for what it's worth, the Steam Deck OS is basically just a standardized version of Arch, upon which sits the whole nifty Steam Deck UI and controller mappings, with the system set to read-only by default.

    You can change this and then do whatever the hell you want, if you so please.

    I think it's just one line in the terminal after you have set up your user as a system admin.

    [–] [email protected] 72 points 2 months ago (1 children)

    Another prominent example is Android. Sure system apps can be upgraded individually -- by storing the new version in a restricted part of the 'user' partition -- but otherwise the system files are strictly read only until a new 'image' is 'flashed' to it by the update system or a power user with debugging tools. In the past, a common use of root capabilities was to remount the system partition as read/write and then change files on it directly. It's more complex now.

    That's also why system apps can be rolled back to the stock version, and can sometimes be disabled, but can't be directly uninstalled like user apps. Only the updated version on the user partition (if there is one) can be removed.

    [–] [email protected] 11 points 2 months ago (1 children)

    Aren't apps better comparable to something like Flatpak, and is this the reason why they are updatable during runtime?

    [–] [email protected] 14 points 2 months ago (1 children)

    Sure they are, but system apps are still installed in the immutable space initially, which is the important thing, that updates to it can't go there.

    I don't know how desktop immutable systems deal with that.

    [–] [email protected] 2 points 2 months ago (1 children)

    Sounds pretty secure except for at the update stage, but you said that's handled differently so maybe that's more secure too.

    [–] [email protected] 3 points 2 months ago (1 children)

    Depending on the use case there's usually a temporary system that's there only to take the update from the user partition and apply it to the system partition. So even if you bork the update it'll still boot into that environment and install the system again. Valve does provide bootable images to put on a USB stick if you do break it pretty bad. It's just a PC, it doesn't do much to stop you from wiping the disk. The route Android took is A/B devices: when you're using A you update B and then reboot into B, then the next update you'll be updating the A partition and reboot into it. Plus if the next one fails to boot for some reason you can revert to the old version as if nothing happened, and retry the update from scratch. Except Samsung, because, I don't know, I guess they want to turn the updating into a whole experience of anticipation or whatever crap reason they have for it.
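    The A/B scheme described in this comment, together with the "either the whole upgrade succeeds or the whole upgrade fails" transaction idea from an earlier comment, as an added example that is not from the thread and not how Android or SteamOS implement it: slots are plain directories, "boot" is a function call, and the atomic switch is a rename() over a symlink.

```python
# Added example, not from the thread or any real update system: a userland
# model of A/B slot updates. Slots are directories, "boot" is a function call,
# and the atomic switch is a rename() over a symlink (all-or-nothing).
import os
import tempfile

def version_path(root, slot):
    return os.path.join(root, slot, "version")

def init_slots(root):
    """Create slot_a/slot_b and point 'current' at slot_a running version 1."""
    for slot in ("slot_a", "slot_b"):
        os.mkdir(os.path.join(root, slot))
    with open(version_path(root, "slot_a"), "w") as f:
        f.write("1")
    os.symlink("slot_a", os.path.join(root, "current"))

def active_slot(root):
    return os.readlink(os.path.join(root, "current"))

def switch(root, target):
    """Repoint 'current' atomically: make a new link, then rename() it over
    the old one. A crash leaves the old link or the new one, never none."""
    tmp = os.path.join(root, "current.tmp")
    os.symlink(target, tmp)
    os.replace(tmp, os.path.join(root, "current"))

def update_and_boot(root, new_version, health_check):
    """Stage into the inactive slot, switch, 'boot', and revert if the new
    slot fails its health check. Returns the version left running."""
    previous = active_slot(root)
    target = "slot_b" if previous == "slot_a" else "slot_a"
    with open(version_path(root, target), "w") as f:
        f.write(new_version)                 # running slot is untouched
    switch(root, target)
    with open(version_path(root, "current")) as f:
        running = f.read()
    if not health_check(running):
        switch(root, previous)               # roll back as if nothing happened
        with open(version_path(root, "current")) as f:
            running = f.read()
    return running

def run_demo():
    """One good update, then a bad one, in a scratch directory."""
    root = tempfile.mkdtemp(prefix="ab_demo_")
    init_slots(root)
    good = update_and_boot(root, "2", lambda v: True)     # now on slot_b
    bad = update_and_boot(root, "3", lambda v: v != "3")  # reverted to slot_b
    return good, bad, active_slot(root)
```

On a real device the "slots" are partitions and the switch is a bootloader flag rather than a symlink, but the property is the same: the running image is never written to, and the only commit point is one atomic operation.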

    [–] [email protected] 13 points 2 months ago (1 children)
    [–] [email protected] 44 points 2 months ago

    Yes, pretty much always has, too. /system is normally mounted read-only and all user data is in /data, so when you want to factory reset, you just format /data and reboot and voilà, brand new. Later versions also have a /vendor and a bunch of other partitions, but the idea remains the same: as a user you only get to change /data (and /sdcard back before they had any meaningful internal storage; now it's an overlay mount to /data/media/0).
