Does anyone know of a hosting service that offers Silverblue as a possible choice for OS?

It seems to me that for a server running only docker services the greatly reduced attack surface of an immutable distro presents a definitive advantage.

  • @[email protected]
    link
    fedilink
    English
    1
    edit-2
    4 months ago

    While you are correct, any system is compromised if you have root, so isn’t that irrelevant at that point?

    The original context for the comment chain was:

    Because even if an attacker could gain access even as root he cannot modify system files.

    So no, it’s completely relevant.

    • @asap
      link
      English
      14 months ago

      My comment in the comment chain was:

      An attacker escaping from a container can’t be system root as Podman runs rootless (without some other exploit or weak password).

      We could give the op the benefit of the doubt and thinking that they were saying that the attacker inside the container managed to gain root inside the container.

      • @[email protected]
        link
        fedilink
        English
        24 months ago

        Your comment also contained

        The filesystem itself is also read-only.

        Which is what led to the further discussion of root making that not so.

        I don’t believe that to be the intent of the OP’s comment, given their second sentence, but they are welcome to state otherwise. I just don’t want them thinking that an immutable distribution gives them some kind of bulletproof security that it doesn’t.

        • @asap
          link
          English
          14 months ago

          Very true. The discussion helped me, as I did think it meant not easily editable.

          As root of course you can change the system to be any other type of system (layer packages, rebase, whatever), but I did assume it meant not easily modifiable in it’s current state.