Immutable Linux delivers serious security - here are your 5 best options
Briefly

"Put simply, an immutable distro is one in which certain directories are read-only and cannot be changed. For example, the /usr directory contains many of your applications' binary executable files and is mounted read-only. Other directories mounted with only read permissions include /lib (essential shared libraries for system operation), /opt (used for optional software packages), and /var (stores variable data)."
"By mounting the directories that house application executables read-only, those apps cannot be swapped out for malicious counterfeits, which could damage your system or steal your data. The system creates a working image prior to the upgrade. The upgrade happens. The computer must be rebooted for the upgrade to apply. If anything goes wrong during the upgrade, the newly created image is applied, so you're back where you started. With an immutable distribution, you never have to worry about an upgrade breaking things."
An immutable Linux distribution mounts key system directories as read-only so their contents cannot be modified. Typical read-only directories include /usr, /lib, /opt and /var. Updates are applied by creating a new working image before the upgrade, performing the upgrade, and requiring a reboot to activate the new image; if an upgrade fails, the previous image remains available to revert to. Read-only system directories prevent executables from being replaced with malicious counterfeits, and the image-based upgrade with rollback removes the usual risk of an upgrade breaking the system. Several immutable Linux distributions exist and many are general-purpose. CarbonOS, for example, uses GNOME, read-only system files and sandboxed applications.
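One way to check the read-only mounts described above on a given machine, as an added example that is not from the ZDNET article: it parses mount-table text in /proc/mounts format and reports whether each of the four named directories is governed by a read-only mount. The sample table and all function names are constructed for illustration.

```python
import os

# Directories the article lists as read-only on an immutable distro.
CHECKED_DIRS = ("/usr", "/lib", "/opt", "/var")

# Constructed sample in /proc/mounts format: device, mount point, type, options.
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda3 /usr erofs ro,relatime 0 0
/dev/sda4 /var ext4 rw,nosuid,relatime 0 0
overlay /opt overlay ro,lowerdir=/sysroot/opt 0 0
tmpfs /usr/local\\040share tmpfs rw,nosuid 0 0
"""

def _unescape(field):
    # The kernel writes space, tab, newline and backslash as octal escapes.
    for code, char in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(code, char)
    return field

def parse_mounts(text):
    """Return [(mount_point, options)] in table order, skipping short lines."""
    rows = (line.split() for line in text.splitlines())
    return [(_unescape(r[1]), set(r[3].split(","))) for r in rows if len(r) >= 4]

def governing_mount(path, entries):
    """Longest mount point containing path; a later entry wins a tie (stacked mounts)."""
    best = None
    for mount_point, options in entries:
        prefix = mount_point.rstrip("/") + "/"
        if (path + "/").startswith(prefix) and (best is None or len(mount_point) >= len(best[0])):
            best = (mount_point, options)
    return best

def audit(entries, dirs=CHECKED_DIRS):
    """Map each directory to 'ro', 'rw' or 'unknown' (no covering mount found)."""
    result = {}
    for d in dirs:
        hit = governing_mount(d, entries)
        result[d] = "unknown" if hit is None else ("ro" if "ro" in hit[1] else "rw")
    return result

if __name__ == "__main__":
    live = os.path.exists("/proc/mounts")
    text = open("/proc/mounts").read() if live else SAMPLE_MOUNTS
    # On a live system /lib is often a symlink into /usr, so resolve it first.
    dirs = [os.path.realpath(d) for d in CHECKED_DIRS] if live else CHECKED_DIRS
    for d, state in audit(parse_mounts(text), dirs).items():
        print(f"{d}: {state}")
```

A directory reported as `rw` inherits a writable mount (in the sample, /lib falls under the writable root), which is the case to investigate on a system that is expected to be immutable.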
Read at ZDNET