
"The updates are installed onto a different (and isolated) system image or subvolume. Once the update finishes successfully, you can switch to the new system by rebooting. Again, if the update isn't 100% successful, it will not happen. And because this all occurs on a separate partition (or image), you don't have to worry about it affecting your system's current state."
"With an immutable Linux distribution, the core directories are mounted as read-only. Those directories include /usr, /bin, /sbin, /lib, /lib64, /etc, /boot, and /opt. By mounting those directories as read-only, their contents cannot be altered. Mounting those directories as read-only achieves a much tighter system security."
Atomic Linux distributions use transactional updates installed to a separate system image or subvolume so an update either completes fully or does not apply. Successful atomic updates require a reboot to switch to the new image, and failed updates leave the running system unchanged, preventing broken systems. Immutable Linux distributions mount core directories such as /usr, /bin, /sbin, /lib, /lib64, /etc, /boot, and /opt as read-only so their contents cannot be altered. Read-only mounts reduce attack surface and tighten system security. Both approaches improve reliability and security, and adoption of each is growing quickly.
Read at ZDNET
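
A check for the read-only claim above, as an added example (not from the ZDNET article): it parses `/proc/mounts`, finds the mount that governs each listed directory after resolving symlinks, and reports the ones not mounted `ro`. The function names, the sample mount table and the `MERGED_USR` symlink map are constructed for illustration.

```python
import os
import re
# Core directories the page lists as read-only on an immutable distribution.
CORE_DIRS = ["/usr", "/bin", "/sbin", "/lib", "/lib64", "/etc", "/boot", "/opt"]

def parse_mounts(text):
    """Parse /proc/mounts-style text into (mount_point, options) pairs, in mount order."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # The kernel writes space, tab, newline and backslash as octal escapes (\040).
        point = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[1])
        mounts.append((point, set(fields[3].split(","))))
    return mounts

def covering_mount(path, mounts):
    """Return the mount governing path: longest mount-point prefix, latest entry on ties."""
    best = None
    for point, options in mounts:
        if (path + "/").startswith(point.rstrip("/") + "/"):
            if best is None or len(point) >= len(best[0]):
                best = (point, options)
    return best

def writable_core_dirs(mounts_text, resolve=os.path.realpath):
    """Map each core directory that is not on an 'ro' mount to its governing mount point."""
    mounts = parse_mounts(mounts_text)
    findings = {}
    for directory in CORE_DIRS:
        mount = covering_mount(resolve(directory), mounts)
        if mount is None or "ro" not in mount[1]:
            findings[directory] = mount[0] if mount else None
    return findings

# Constructed sample: /usr and /boot read-only, / and /etc writable.
SAMPLE_MOUNTS = """\
/dev/sda3 / btrfs rw,relatime,subvol=/root 0 0
/dev/sda3 /usr btrfs ro,relatime,subvol=/usr 0 0
/dev/sda3 /etc btrfs rw,relatime,subvol=/etc 0 0
/dev/sda1 /boot ext4 ro,relatime 0 0
"""
# Constructed symlink layout of a merged-/usr system (/bin -> /usr/bin, ...).
MERGED_USR = {d: "/usr" + d for d in ("/bin", "/sbin", "/lib", "/lib64")}
if __name__ == "__main__":
    with open("/proc/mounts") as handle:
        for directory, point in writable_core_dirs(handle.read()).items():
            print(f"{directory}: writable (mount {point})")
```

Run directly on a Linux host, it reads the live `/proc/mounts`; a directory with no mount of its own is judged by the nearest parent mount, which is why `/opt` in the sample inherits the writable root.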