For years, the traditional Linux operating system has been a top pick for its flexibility and ability to be customized. But as great as it is, there are use cases in which stricter security rules and higher reliability standards are needed. That’s where immutable Linux operating systems come in – offering a more secure and reliable option, especially in settings where security is paramount.
In this post, we’ll be addressing some common questions to help you understand the principles behind immutable operating systems. We’ll also be exploring the various solutions available and the challenges faced in this field. So, get ready to dive in!
I’m quite interested in this concept, as I feel it might be something the desktop Linux world is slowly moving towards. There are considerable advantages, but also the risk of making the whole system far less flexible than desktop Linux is today.
My Linux distro has this same immutable property. A union file system backed by a read-only image that’s updated atomically. Back in the day this used to be based on AUFS before Linux had a mainline union file system. These can mount writable file systems for data persistence, but the OS becomes one static image. There were lots of distros using this configuration, but it’s best known for booting Linux on live CDs/DVDs/thumb drives including Knoppix, Puppy Linux, Damn Small Linux, etc. Whatever you did to the environment, it was temporary and a reboot returns the OS to a known state.
This has pros and cons. On the one hand it is less flexible in terms of persisting modifications, but on the other hand it’s really hard to brick such a system and the ease, reliability, and security that come with atomic updates are quite beneficial.
https://www.qubes-os.org/ ?
macOS (and iOS) also work with these principles today. But don’t think it’s one big static monolithic image. Stuff like the web browser (Safari) is distributed via a cryptex, which is like a cryptographically signed disk image. Very interesting stuff, see for example https://eclecticlight.co/2022/11/16/cryptex-how-a-custom-iphone-is-changing-macos-updates/
macOS feels a little more like apps as containers to me. Not that they run in a container environment, but that the app is a single unit that contains everything it needs, and is upgraded wholesale. macOS definitely doesn’t have the split partition A/B upgrade path like most of the immutable stuff I’ve worked on.
Just an FYI, the survey of other OSs is a bit outdated. All the RH/Fedora Atomic stuff is sunset, they’ve focused on CoreOS based stuff (which definitely is NOT Gentoo based in the last couple years). I don’t know the other stuff as much but I’d be wary that it’s also a bit behind.
The RH/Fedora stuff breaks down like:
Fedora CoreOS (FCOS, as used in OKD OpenShift and podman machine) -> Red Hat CoreOS (RHCOS, as used in OpenShift)
Fedora IoT -> Red Hat Device Edge (RHDE, relatively new) (both are rpm-ostree distros using similar concepts as CoreOS for immutability)
VMware ESXi has run this way for years and in general it works pretty well.
Immutability is less flexible in a way, but it does force you to think about what you’re doing and make it automated and repeatable, which is generally a good thing if you’re worried about losing your system or making more of them. It’s pretty liberating that the only thing you care about is your data and the system itself is replaceable with minimal effort. Not unlike the container workflow, you do the work upfront to make sure the config is right, and then you can use that container image over and over and never have to worry about losing anything as long as your data is safe.