My thought was mostly that this kind of invasive third party and closed source kernel module security wouldn’t have been necessary. But I’m pretty sure rollbacks can include kernel changes in a previous image.
Comment on An angry admin shares the CrowdStrike outage experience
stephen01king@lemmy.zip 3 months agoCan you explain what is immutable/atomic distribution and how it can prevent this?
save_the_humans@leminal.space 3 months ago
captain_aggravated@sh.itjust.works 3 months ago
An immutable distribution is one that treats the system files as read-only. Applications are handled separately, and updates to the system are done in an image-based way, rather than changing a few updated files, basically the OS gets replaced with an updated version. It prevents users or malicious outsiders from just changing system files. Fedora Silverblue and SteamOS as found on Valve’s Steam Deck are examples of immutable distros.
Now, with soemthing like Crowdstrike that operates in kernel space…I’m too far outside my wheelhouse to grasp how that would work on an immutable system. How it would be implemented.