Absitively, use case here IMO is set and forget autoupdate to stay current and SELinux (which actually reduces surface)
Comment on Silverblue or other immutable on remote VPS?
myersguy@lemmy.simpl.website 2 months ago
Because even if an attacker could gain access even as root he cannot modify system files.
They 100% can.
MalReynolds@slrpnk.net 2 months ago
asap@lemmy.world 2 months ago
It’s a read-only filesystem:
myersguy@lemmy.simpl.website 2 months ago
That would be true of podman running anywhere, and is not unique to an immutable distribution. This is also clearly not what they are talking about.
You can change that real quick if you have root access.
asap@lemmy.world 2 months ago
You sound confident, but the fact that Fedora is using the term “immutable” makes me wonder if you actually have domain expertise here.
Immutable means immutable. It would be strange for them to call it that if it actually means “completely irrelevant from a security perspective”.
Unless you provide some evidence to the contrary I’m going to assume you aren’t correct.
superkret@feddit.org 2 months ago
The immutability isn’t designed to protect against a malicious attacker with root access.
Any system is fucked if that happens.
It’s designed to reduce the workload of the maintainers, because they effectively only need to test and build for one standard image.
myersguy@lemmy.simpl.website 2 months ago
Someone with root can run ostree admin unlock --hotfix to make /usr writable. Someone with root can also delete all restore points.
See the comment by superkret.
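A defender-side check related to the last comment's point that root can make /usr writable, added here as an example and not written by anyone in the thread: it reads a mount table and reports whether the mount covering /usr is still read-only. The helper names and both sample mount tables are constructed, and the shape of the overlay line for an unlocked deployment is an assumption.

```shell
#!/bin/sh
# usr_state (hypothetical helper): reads a mount table in /proc/self/mounts
# format on stdin and prints whether the mount that covers /usr is
# "read-only", "writable" or "unknown". Later entries win because a later
# mount shadows an earlier one on the same mount point.
usr_state() {
    awk '
        $2 == "/"    { root = $4; have_root = 1 }
        $2 == "/usr" { usr  = $4; have_usr  = 1 }
        END {
            if (have_usr)       opts = usr
            else if (have_root) opts = root   # /usr is not a separate mount
            else { print "unknown"; exit }
            state = "writable"
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") state = "read-only"
            print state
        }'
}

# check_usr (hypothetical helper): exit status 0 only when /usr is read-only,
# so it can gate a monitoring alert. On a live host:
#   check_usr < /proc/self/mounts || echo "ALERT: /usr is writable"
check_usr() {
    [ "$(usr_state)" = "read-only" ]
}

# Constructed sample: /usr mounted read-only, as on a locked deployment.
SAMPLE_LOCKED='/dev/vda3 / btrfs rw,relatime,seclabel 0 0
/dev/vda3 /usr btrfs ro,relatime,seclabel 0 0'

# Constructed sample (assumed shape): a writable overlay stacked on /usr.
SAMPLE_UNLOCKED='/dev/vda3 / btrfs rw,relatime,seclabel 0 0
/dev/vda3 /usr btrfs ro,relatime,seclabel 0 0
overlay /usr overlay rw,relatime,seclabel,lowerdir=usr,upperdir=.usr-ovl-upper,workdir=.usr-ovl-work 0 0'
```

A check like this only reports the current mount state; because it runs on the host itself, a root-level attacker can also tamper with it, so its result is best shipped off-host.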