I’ve read several topics trying to explain it and this single comment does a way better job, thank you XD
If you don’t mind me asking a follow-up, why are non-immutable OS’s in Linux more popular? Or in other words, is there a definite downside to an immutable OS that people should be wary of? I was planning to install Fedora 40 soon, but now I think I may opt for the Atomic one (with the KDE env) instead.
Regular Linux distros have 30+ years of history. It’s what most of us are used to. Immutable/atomic/transactional OSes are relatively recent hence the relatively low adoption rate.
Also, atomic OSes are, by nature, much harder to tinker with. After all, the goal is to provide the exact same image for all users. As a power user, it’s a bit frustrating. As a new user, having a virtually unborkable system is excellent.
If you plan on installing an atomic variant of Fedora, may I suggest uBlue Aurora instead of Fedora Kinoite? It is based on Silverblue/Kinoite but includes by default, among other QOL improvements, the restricted-licence codecs that must be manually installed in official Fedora products.
Well, currently I use Tumbleweed with just couple of tweaks, but I can’t live without things like Yakuake, fish, yt-dlp and bunch of other console commands that are not present in most dostros’ defaults. How does atomic distribution handle this? I believe flatpak only has gui applications…
// I just diacovered Yakuake is there, but I can’t imagine how does this specific program integrate with system?
You can layer basically any RPM onto the base system with rpm-ostree, but it’s slow and inefficient, or you can install anything from any distro by spinning a container with Distrobox and exporting the command to your main system.
If the immutability in OS is well designed, then there shouldn’t be really an downsides or loss in comfort. That is, unless you’re a linux expert and like to tinker under the hood.
The general idea is, the core of the OS if read-only, and everything else that needs to be modified is mounted writeable.
Ideally, protecting the core of the OS from writes, should for example prevent malware from installing a modified kernel or boot loader. Or maybe preventing the user from accidentally borking something so that their system becomes unbootable. How much of an advantage that is practice is dependent on use case.
In the case of Steam OS on the steam deck, it’s perfect, since boot issues on the steam deck could potentially be tricky to fix as opposed to a standard PC.
Another advantage of immutable could theoretically be wear and tear of certain storage devices. e.g. Think of a raspberry PI and SDcards. If you could have most of the important stuff of the OS as read only on the SD card, and everything else on a usb disk or even an NFS mount, then the SD card should last much longer since no writes are happening on it.
As far as true security benefit is concerned… I can’t really say. It depends on how updates and eventual writes are actually handled to the immutable part of the OS. Obviously at some point, changes do happen. Like during a system update.
In the case of Steam OS, The system portion is wiped and replaced the new version. Chimera OS, did something similar (I don’t know if they still use the same method). They had a read-only BTRFS partition, where they would then provide a new snapshot during an update, which would be downloaded and applied at the next reboot.
This approach would hinder automated crypto malware for example (at least for system files).
Thank you, then it looks like I’ll be giving the atomic one a try! I can always overwrite and install normal Fedora KDE if the atomic version is giving me issues after all :)
I’ve read several topics trying to explain it and this single comment does a way better job, thank you XD
If you don’t mind me asking a follow-up, why are non-immutable OS’s in Linux more popular? Or in other words, is there a definite downside to an immutable OS that people should be wary of? I was planning to install Fedora 40 soon, but now I think I may opt for the Atomic one (with the KDE env) instead.
Regular Linux distros have 30+ years of history. It’s what most of us are used to. Immutable/atomic/transactional OSes are relatively recent hence the relatively low adoption rate.
Also, atomic OSes are, by nature, much harder to tinker with. After all, the goal is to provide the exact same image for all users. As a power user, it’s a bit frustrating. As a new user, having a virtually unborkable system is excellent.
If you plan on installing an atomic variant of Fedora, may I suggest uBlue Aurora instead of Fedora Kinoite? It is based on Silverblue/Kinoite but includes by default, among other QOL improvements, the restricted-licence codecs that must be manually installed in official Fedora products.
Well, currently I use Tumbleweed with just couple of tweaks, but I can’t live without things like Yakuake, fish, yt-dlp and bunch of other console commands that are not present in most dostros’ defaults. How does atomic distribution handle this? I believe flatpak only has gui applications…
// I just diacovered Yakuake is there, but I can’t imagine how does this specific program integrate with system?
You can layer basically any RPM onto the base system with
rpm-ostree
, but it’s slow and inefficient, or you can install anything from any distro by spinning a container with Distrobox and exporting the command to your main system.If the immutability in OS is well designed, then there shouldn’t be really an downsides or loss in comfort. That is, unless you’re a linux expert and like to tinker under the hood.
The general idea is, the core of the OS if read-only, and everything else that needs to be modified is mounted writeable. Ideally, protecting the core of the OS from writes, should for example prevent malware from installing a modified kernel or boot loader. Or maybe preventing the user from accidentally borking something so that their system becomes unbootable. How much of an advantage that is practice is dependent on use case. In the case of Steam OS on the steam deck, it’s perfect, since boot issues on the steam deck could potentially be tricky to fix as opposed to a standard PC.
Another advantage of immutable could theoretically be wear and tear of certain storage devices. e.g. Think of a raspberry PI and SDcards. If you could have most of the important stuff of the OS as read only on the SD card, and everything else on a usb disk or even an NFS mount, then the SD card should last much longer since no writes are happening on it.
As far as true security benefit is concerned… I can’t really say. It depends on how updates and eventual writes are actually handled to the immutable part of the OS. Obviously at some point, changes do happen. Like during a system update. In the case of Steam OS, The system portion is wiped and replaced the new version. Chimera OS, did something similar (I don’t know if they still use the same method). They had a read-only BTRFS partition, where they would then provide a new snapshot during an update, which would be downloaded and applied at the next reboot. This approach would hinder automated crypto malware for example (at least for system files).
Thank you, then it looks like I’ll be giving the atomic one a try! I can always overwrite and install normal Fedora KDE if the atomic version is giving me issues after all :)