I’ve heard of immutable OS’s like Fedora Silverblue. As far as I understand it, this means that “system files” are read-only, and that this is more secure.

What I struggle to understand is, what does that mean in practical terms? How does installing packages or configuring software work, if system files can’t be changed?

Another thing I don’t really understand is what the benefits as an end user? What kinds of things can I do (or can be done by malware or someone else) to my Arch system that couldn’t be done on an immutable system? I get that there’s a security benefit just in that malware can’t change system files – but that is achieved by proper permission management on traditional systems too.

And I understand the benefit of something declarative like NixOS or Guix, which are also immutable. But a lot of OS’s seem to be immutable but not purely declarative. I’m struggling to understand why that’s useful.

  • tikitaki@kbin.social
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    applications are installed with flatpak - basically little containers that contain everything a program needs. sort of like docker

    so normally if you wanna install something - let’s say minecraft. you would also need to install java. the flatpak for minecraft would have java inside of it so it can be run in its own little container and you don’t need to install either

    • IncidentalIncidence@feddit.deOP
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      I guess what I am trying to figure out is – how would the experience of using flatpak or other containerized software managers differ on an immutable system compared to a mutable one?

      Or is the idea more that since you’re containerizing, you can lock everything else for stability in a way that you couldn’t before, because software installs needed to be installed in the system?

      • moon_matter@kbin.social
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        1 year ago

        Or is the idea more that since you’re containerizing, you can lock everything else for stability in a way that you couldn’t before, because software installs needed to be installed in the system?

        It’s this one. For example, with Silverblue, applications are all installed as flatpaks. The system level files are also made as read-only as possible, such that the base systems should look virtually identical across systems. You also get some like NixOS where most of the system setup is defined in a single config file. You can effectively copy your entire setup just by transplanting that one file on to a new system.