Linux

48003 readers

1166 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

ELI5: What is an immutable OS, in practical terms? (feddit.de)

submitted 1 year ago* (last edited 1 year ago) by IncidentalIncidence@feddit.de to c/linux@lemmy.ml

23 comments fedilink hide all child comments

I've heard of immutable OS's like Fedora Silverblue. As far as I understand it, this means that "system files" are read-only, and that this is more secure.

What I struggle to understand is, what does that mean in practical terms? How does installing packages or configuring software work, if system files can't be changed?

Another thing I don't really understand is what the benefits as an end user? What kinds of things can I do (or can be done by malware or someone else) to my Arch system that couldn't be done on an immutable system? I get that there's a security benefit just in that malware can't change system files -- but that is achieved by proper permission management on traditional systems too.

And I understand the benefit of something declarative like NixOS or Guix, which are also immutable. But a lot of OS's seem to be immutable but not purely declarative. I'm struggling to understand why that's useful.

you are viewing a single comment's thread
view the rest of the comments

[–] tikitaki@kbin.social 4 points 1 year ago (6 children)

applications are installed with flatpak - basically little containers that contain everything a program needs. sort of like docker

so normally if you wanna install something - let's say minecraft. you would also need to install java. the flatpak for minecraft would have java inside of it so it can be run in its own little container and you don't need to install either

[–] pglpm@lemmy.world 2 points 1 year ago* (last edited 1 year ago) (3 children)

Doesn't that lead to huge redundancy – say, multiple java copies effectively existing in the system? And also to software not optimized for the system (I assume flatpaks are pre-compiled)?

[–] Gull@kbin.social 3 points 1 year ago (1 children)

You're right - having multiple copies of everything is a drawback of housing each application in its own container or VM. The standard rejoinder is that disk space is cheap. The validity of that rejoinder depends on what you're doing and what hardware or budget you are working with.

Another problem is that old versions of these dependencies will be baked into an image that is then used for many years without updates. This ensures the application keeps working without being disrupted by an update to a shared library, but it also means things like security flaws persist. Arguably, this is mitigated by only that image having the problem, but one insecure app can be a real problem - especially when it accesses shared resources - and when the same problem applies to many applications.

Compiled code optimized for a specific system's hardware is less relevant than it used to be - even Gentoo users do not focus on this anymore. Rolling your own container isn't much harder than compiling with your own options.

[–] fruitywelsh@lemmy.ml 1 points 1 year ago

Another argument for the each app has the library it needs model is that your system no longer is pinned to the least common denominator which means apps should be able update their packages faster without the concerns of other apps.

You also have flatpak's runtime concept which means you could force an app to try and run with a newer runtime.

load more comments (1 replies)

load more comments (3 replies)