I recently took up Bazzite from mint and I love it! After using it for a few days I found out it was an immutable distro, after looking into what that is I thought it was a great idea. I love the idea of getting a fresh image for every update, I think for businesses/ less tech savvy people it adds another layer of protection from self harm because you can’t mess with the root without extra steps.
For anyone who isn’t familiar with immutable distros I attached a picture of mutable vs immutable, I don’t want to describe it because I am still learning.
My question is: what does the community think of it?
Do the downsides outweigh the benefits or vice versa?
Could this help Linux reach more mainstream audiences?
Any other input would be appreciated!
Immutable, doesn’t mean extreme secure. It’s a false sense of security.
It could be more secure.
But during a runtime, it is possible to overwrite operational memory, mask some syscalls, etc.That’s my 3 cents.
it doesn’t allow changes to stuff that needs root access to change. If you have root access you can do anything, including switching images. It is not more secure. It’s not less either
Secure can also mean more resilient. The infosec C-I-A triangle has three legs. Confidentiality, Integrity and Availability. Immutable distros are more resilient and thus offer better availability in the face of attacks or accidents.
I didn’t know that inflation can affect idiomatic expressions.
Fully agreed. On almost any atomic distro, /home/user is writeable like usual, so any attacker is able to persist itself by editing
~/.bashrcand putting a binary somewhere.
I remain interested in the immutables or atomic distros because I know a lot of smart people that swear by them.
I also don’t try them just yet because I know a lot of dumb people like me that end up breaking a lot of stuff before quitting them altogether.
They could be amazing and just not perfected yet or they may be a meme and no one’s proved it outright just yet. Will be lurking this thread either way lool :D
These distros are great for beginners or less technically savvy. They’re really just harder for people who have been using Linux forever and are very accustomed to the old ways.
Yeah I think atomic is more appropriate but I’m not exactly sure what the difference is?
Immutable = Read-Only Root FS && Updates entire system image rather than individual files
Atomic = Updates as single transaction (all or no update) && Containerization w/ Rollback capabilityThis is quick summary from quick research pls correct where technically wrong.
If we’re asking what people mean when they use those descriptors, then you’re correct.
However, literally speaking, in this context, immutable only means read-only, and atomic only means that updates are applied all-at-once or not at all (no weird in-between state if your update crashes halfway through).
The rest of the features (rollbacks, containerization, and immutable meaning full system image updates) are typically implied, but not explicitly part of the definition.
I knew a real wizard would clarify sooner than later. Much obliged and keep up the good work anon!
That makes sense, bazzite is referred to as atomic (that’s what I meant in the above comment about atomic being more appropriate, forgot to add that context though lol) specifically instead of immutable. Bazzite updates like you said and you can always roll back, thank you for the explanation!
So, you’re saying that immutable is terrible for system uptime.
You have to reboot machines to run secure kernel code. High uptime means running outdated, vulnerable system code.
Uptime is for services, not individual servers.
Could you share some pics (without anything private ofc) of bazzite? I wanted to try it but I couldn’t use it as live distro. My main problem is arch because I’m used to
aptand I find pacman or whatever it uses difficult for me (nothing I can’t learn ofc)I love the idea of getting a fresh image for every update
What do you mean? Thanks
I don’t have any pics cause I’m not currently near my computer that runs bazzite.
If you’re mainly using GUI apps you’ll probably just be installing everything through flatpak, which you can use via the Discover store that comes with KDE Plasma. CLI apps are installed using homebrew.
The docs might give you some insight on using it: https://docs.bazzite.gg/
Isn’t bazzite fedora-based? Meaning you use
dnfinstead ofaptorpacman.Since it’s immutable, you’ll probably not be using DNF much.
Good point!
I use Aurora Linux which is the sister one to Bazzite, both are Fedora 41 based images. They strongly encourage using the FlatPak approach to installing software. After using it for a few weeks now, I can see why. One of the things with the immutable setup is once you install a program, you have to reboot to get it to run, but with Flatpak, it isn’t so. I think Flatpak has it’s merits - if they have an app which you normally use, then it’s easy enough to install and go.
For the Fedora side of things, you can “layer” apps over it using the rpm-ostree but they encourage you to only do that as a last resort. One of the things they enable you to do is install additional OS’s containerized which integrate with the desktop environment. For example, right now, I can only run Scrcpy in a different OS (That I’ve been able to figure out so far), so I just spin up an Arch OS container and launch it from there, and can interface with my phone normally. As I understand too, the developers plan on disabling layering in a future release. To be honest, I don’t think I have but one thing layered and that’s my Label Printer’s driver.
The benefit for me using the immutable system and this is the hardest thing to grasp for a lot of people including myself is that it truly is set and forget type of updating. With Arch, you can become sort of addicted to checking for new releases, and I’m not going to lie, it’s amazing to get some of the newest releases of your favorite app or browser especially when they fix something. With Arch, it’s generally there. With my system, I turned on auto updates, so it’s not too uncommon to bring the system up in the morning and see that updates have been given (I don’t notice them usually). It’s nice not having to worry about that as much.
Is it stable enough to recommend for non-techy users? Set-and-forget sounds ideal for someone who doesn’t understand (and doesn’t really need to understand) all the updates their machine is doing.
In my opinion so far yes, I’ve only been on it a few weeks, but think of the immutable as locking down the root partition and any vital directories to the OS and not allowing your user to modify anything. In the event of a bad update, it’s easy enough to select the previous boot in Grub and be on your merry way.
I have a special needs adult step-daughter who’s PC I manage and I always need to keep it updated, setting it up on their Bluefin version which uses Gnome which she loves. So, I may do it this weekend. She’s currently on Endeavor OS (Arch based) but it keeps getting kernel updates daily it seems and with those a reboot. Additionally, for whatever reason, her system goes to sleep without warning sometimes so if I’m updating it, it’s gone to sleep. (Super weird). I’ve never had it do this before with Standard Arch linux so I think its something to do with Endeaver. I’ve never bothered to troubleshoot it to be honest. With a setup on the BlueFin (Aurora Linux is KDE), enabling Auto updates should be a breeze and then she’s golden for being updated without my intervention.
I don’t know what it uses and as someone who always used apt, pacman or dnf is hard to understand
Bazzite comes packaged with the essentials so that anyone can use it without using terminal. Flatpak is enabled by default and this is the best approach. You can check it out below.
https://docs.bazzite.gg/Installing_and_Managing_Software/
If you’re not comfortable yet using any other terminal package manager other than apt, you can still use bazzite and learn with time. You can install most apps through Discover (KDE) or Gnome software
- You can still apply updates live, e.g. on Bazzite (Fedora Atomic) with the
--apply-livetag (or however it’s spelled). - The root partition isn’t read only per se, but you have to change it from upstream image instead of the one right now. You can use the uBlue-Builder for example to make your own custom Bazzite spin just for you if you want.
- Both aren’t inherently secure or insecure. It’s harder to brick your system, yeah, for sure, but you can still fuck up some partitions or get malware. It’s just better because everything is documented, saved, containerised and reproducible.
- And you can still install system software, e.g. by layering it via rpm-ostree. Or use rootful containers in Distrobox and keep using apt in there.
I run bazzitr and distrobox is amazing. No need to worry about distro when some devs only provides deb only.
Distrobox is something I want to start playing with, I like the idea of the containers
- You can still apply updates live, e.g. on Bazzite (Fedora Atomic) with the
N I x o s
Nix is atomic, not immutable
Solves the issue tho
Atomic and declarative. Which is way cooler.
Well it’s a bit confusing. On Guix’ wiki General features you can read:
Guix keeps track of these references automatically so that installed packages can be garbage collected when no other package depends on them - at the cost of greater storage requirements, all upgrades in Guix are guaranteed to be both atomic and can be rolled back.
The roll-back feature of Guix is inherited from the design of Nix and is rarely found in other operating systems, since it requires an unorthodox approach to how the system should function (see MicroOS).
And then on its wiki Guix System (operating system) Roll-back you can read:
This is accomplished by a combination of Guix’s functional package manager, which treats each package and system configuration as an immutable and reproducible entity,[58] and the generation system which maintains a history of system configurations as “generations.”
So the system configurations on a Guix system are actually immutable, as opposed to regular gnu+linux distributions, which can change the system configuration on the fly. What else is immutable on Guix, I can’t tell, but at least you can not change its system configs. What is atomic is the upgrades.
I’m not sure, but as Guix borrowed these properties from Nix, I’d think this applies to Nix as well.
In other words, at least the Guix system has immutable components. And further, the system config which is immutable, is also declarative. Combining those two things might be intimidating, since it’s not like on the fly one can go and change the system config, which might be required when debugging some misbehavior, and it’s what most distros document, then one needs to learn about guile, and a bit about functional programming I guess or at least their basics… Deploying systems might take advantage of such declarative configurations though…
I really appreciate rarely seeing the message “update complete, please reboot now”. I would consider myself on the tech savvy side though.
Yeah what I really meant was you don’t have to have much linux experience to jump in, I definitely like the idea of not doing live updates now that I know it’s an option
I’m using Bluefin and overall it’s great. However, there are some unique issues due to immutability and flatpak.
- It’s more difficult to utilize a NAS. For example, on something like Mint, I can open Proton Drive on Firefox, and I can upload files from my NAS to PD.
On Bluefin, I can access my NAS and all files using the Files app, but not using I cannot accomplish the above task in the same way. Firefox cannot fully access my NAS, and I have not figured out how to make it work. I’ve played around with Flatseal, but can’t get it to work. Instead, I need to use Files to download the files from my NAS to a local folder, and then I can use Firefox to upload to PD from that local folder. I’m guessing there is a better way, but I haven’t figured it out yet.
- I would desperately like to use a screenshot tool with built-in annotations, but I haven’t found a flatpak that works. As I understand, it might have something to do with Wayland and/or my Nvidia GPU.
So while most things “just work,” there are some problems. Planning to stick with it and keep learning. I do love the concept and I’m overall very happy with the everything.
For #1 could you use distrobox to run it with another OS? I’m pretty new to all this so I could be way out in left field lol.
I added this edit above. Pasting here in case you are curious. Cheers.
EDIT: This thread motivated me to try and fix this issue. Installing Firefox using rpm-ostree worked. I expected it would, though I am still hoping to figure this out using the Flatpak version at some point. I also tried using Distrobox/Box Buddy to create a Fedora 40 box and install Firefox there. That version of Firefox couldn’t even see my NAS at all (unlike the Flatpak which could see my NAS but couldn’t upload files from the NAS to Proton). This was my first time ever using Distrobox. I thought it was super cool to see it in action and get a working Firefox, even though I couldn’t use it to access my NAS as hoped.
I haven’t tried any distobox stuff yet but I’m very curious. I will at some point.
Whoever downvoted this is lame. I appreciate your question.
I use Proton Drive on Librewolf on Bluefin without issues, so that seems a little odd. It might be an issue with what access you’ve given the fkatpak. Flatseal is the right place to look.
Are you using librewolf to upload files from your NAS to Proton Drive?
I readily admit I am still not super proficient with flatseal. I spent a lot of time trying to fix this by adjusting the file permissions, but I’m now wondering if it was some other local network setting I missed.
I also don’t use fstab to mount my NAS. I just sign in using Files which creates a smb link. On Firefox/proton drive website I can see the files but I cannot upload them directly to Proton Drive from my NAS using Firefox (or Zen) on bluefin.
In the Filesystem section for that app in Flatseal, you need to add the path to your NAS drive (the same SMB path that it’s mounted in the Files app). That will give your FF flatpak access to that location.
These seems to be related to flatpak, not immutability.
I have investigated the idea and came to the conclusion that immutable distros are essentially a research project. They attempt to advance the state-of-art a slight bit but the cost is currently too great.
Perhaps somebody will some day create something that’s worth switching to. But I don’t think that has happened yet, or is happening with any of the current distros. Silverblue might become that with enough polish, but I feel that to get that amount of polish, they would have to make Silverblue the 1st class citizen, i.e. the default install of Fedora.
is nixos considered immutable or mutable? kind of has characteristics of both.
I’d argue it’s closer to a mutable distro than an immutable one.
Nixos tends to lean on the term reproducible instead of immutable, because you can have settings (e.g files in /etc & ~/.config) changed outside of nix’s purview, it just won’t be reproducible and may be overwritten by nix.
You can build an ‘immutable’ environment on nix, but rather than storing changes as transactions like rpm-ostree, it’ll modify path in /nix/store and symlink it. Sure, you can store the internal representation of those changes in a git repo, but that is not the same thing as the changes themselves; if the nixpkgs implementation of a config option changes, the translation on your machine does too.
Nixos tends to lean on the term reproducible instead of immutable, because you can have settings (e.g files in /etc & ~/.config) changed outside of nix’s purview, it just won’t be reproducible and may be overwritten by nix.
Interesting. If possible, could you more explicitly draw comparisons on how this isn’t quite the same over on say Fedora Atomic? Like, sure changes of
/etcare (at least by default) being kept track of. But you indeed can change it.libostreedoesn’t even care what you do in your home folder. Thus, changes to e.g.~/.config(and everything else in/var[1]) are kept nowhere else by default.
- Which happens to be more crowded than on other distros as folders like
/optare actually found here as well.
~/.config is probably a poor comparison on my part; it’s management is actually done by home-manager rather than Nixos proper, and I can’t think of another OS that fills this same role.
Nixos generates (for example) /etc/systemd/network to a path in /nix/store and symlinks it to it’s appropriate locations. After the files are generated the appropriate /nix/store paths are (re-mounted? Over-mounted? I’m not sure the implementation) made read-only (by default), but anything that isn’t generated is absolutely both mutable and untracked, and that “not tracking everything in /etc” is more what I’m going on about.
If you use Nixos as intended (when you find that a package is lacking a config option you want, create your own nix option internally) the distro is effectively immutable, but if you use Nixos for anything moderately complex that changes frequently e.g. a desktop os, you eventually run into the choice: become competent enough to basically be a nixpkgs contributor, or abandon absolute immutability.
I think the first option is worth it, and did go down that route, but it is unreasonable to expect the average Linux consumer to do so, and so something like fedora atomic is going to remain more “immutable” for them than nixos.
This need to git gud is thankfully lessening with every commit to nixpkgs, and most people can already get to most places without writing their own set of nix options or learning how to parse //random markup language// into nix, but you’ll eventually run into the barrier.
- Which happens to be more crowded than on other distros as folders like
nixos and guix are immutable and two of the only immutable distros I like
The store is immutable but the system itself definitely isn’t.
The store is immutable
What does that mean, that the store is immutable? I never used NixOS, so not sure how to interpret that.
Packages in nix are in the store directory, each package in a dir named after the package hash. So you can have 15 versions of firefox installed, for instance, and the different versions go in different folders with different hashnames.
When it’s time to set up a user env, their specific version of firefox is (conceptually) symlinked into the users profile. When that user executes firefox it gets one out of the 15 versions. Another user may get a different one.
Anyway, the package store is off limits to users, and a real bad idea to modify for root too.
I see. I think the term “sandboxed” would be more appropriate than “immutable” in this context. Similar to Flatpak, where multiple versions per package can be installed at the same time.
That’s not what sandboxed means and Nix isn’t sandboxed.
Sandboxed means it runs in a separate container, often with limited permissions; raising security at the cost of performance.
They are “sandboxed” by separate namespace. It functions conceptionallyas a container that does not interfere with the other packages. The limited permission system is not a must part of any sandboxing, its just common in popular packaging systems. The term doesn’t only have a singular meaning. It certainly is a better term than “immutable” to describe the concept of Nix packaging.
what does the community think of it?
It’s important to note how the Linux community interacts with change. In the past, whenever a change has been significant enough to influence individual workflows, it often provoked strong reactions. This was evident when systemd was introduced and adopted by distros like Arch and Debian. Even though systemd was arguably superior in essential aspects for most users, it failed to meet the needs of at least a vocal minority. Consequently, community endeavors were set up to enable the use of Debian or Arch without systemd.
Similarly, the introduction of immutable distributions seems to upset some people, though (at least to me) it’s unjustified. Immutable distributions don’t necessarily alter the traditional model. For instance, the existence of Fedora Silverblue doesn’t impose changes on traditional Fedora; let alone Arch or Debian.
But, overall, most Linux users aren’t bothered by it. Though, they often don’t see a use for themselves. Personally, I attribute this at least in part to existing misconceptions and misinformation on the subject matter. Though, still, a minority[1] (at best ~10%) actually prefers and uses ‘immutable’ distros.
Do the downsides outweigh the benefits or vice versa?
Depends entirely on what you want out of your system. For me, they absolutely do. But it’s important to note that the most important thing they impose on the user is the paradigm shift that comes with going ‘immutable’. And this is actually what traditional Linux users are most bothered by. But if you’re unfamiliar with Linux conventions, then you probably won’t even notice.
As a side note, it’s perhaps important to note that the similarities between traditional distros are greater than the similarities between immutable distros. Also, Fedora Atomic is much more like traditional Fedora than it is similar to, say, openSUSE Aeon or Vanilla OS. Grouping them together as if they are a cohesive group with very similar attributes is misleading. Of course, they share a few traits, but overall, the differences are far more pronounced.
Therefore, it is a false dichotomy to simply label them as traditional distros versus immutable distros. Beyond these names, which we have assigned to them, these labels don’t actually adequately explain how these systems work, how they interact, how their immutability is achieved (if at all), what underlying technologies they use, or how they manage user interactions. The implications of the above. Etc.
Could this help Linux reach more mainstream audiences?
The success of the Steam Deck and its SteamOS are the most striking and clear proof of this. So, yes. Absolutely.
- Not accounting SteamOS users.
Since the idea is that the “root partition” is immutable, serious question:
How do you fix a hardware config issue or a distro packaging / provision issue in an immutable distro?
Several times in my Linux history I’ve found that, for example, I need to remove package-provided files from the ALSA files in
/usr/share/alsain order for the setup to work with my particular chipset (which has a hardware bug). Other times, I’ve found that even if I set up a custom.XComposefile in my $HOME, some applications insist on reading the Compose files in/usr/share/X11/localeinstead, which means I need to be able to edit or remove those files. In order to add custom themes, I need to be able to add them to/usr/share/{icons,themes}, since replicating those themes for each $HOME in the system is a notorious waste of space and not all applications seem to respect/usr/local/share. Etc.Unless I’m mistaken on how immutable systems work, I’m not sure immutable systems are really useful to someone who actually wants to or needs to power user Linux, or customize past the “branding locking” that environments like Gnome have been aiming for for like a decade.
My guess would be: have an additional overlay filesystem on top of your immutable root and apply all your fixes to it.
On the one hand sounds sensible, on the other hand I wonder if that’s possible when wanting to apply things that need to take place as early in boot as possible (eg.: modprobe options for a module, apparmor profiles, …).
I think they’re great. I’ve got two Linux newbies running some Ublue variant with no issues
Appimages, flatpaks, snaps
Former OS security guy. Fuck no. Nope nope nope nope.
You’re definitely out of date on your knowledge then. Nothing inherently insecure about any of these. Only download software you trust, just like you should be doing with any software format!
If you trust it, why not just install it like a y other app?
Oh wait, it’s generally pushed for binary only blobs, no source… so why are you even trusting it?
I don’t really know what you’re saying. Most software is distributed as binaries, that doesn’t make them inherently untrustworthy, you just need to have trust in whoever is distributing it. It’s trivial to look at the build process of a flatpak and verify that it is legitimate. Just because the binary isn’t being built from source by every user doesn’t make it insecure.
Who is mostly pushing these containerized apps?
Proprietary software vendors.
Same for who stands the most to benefit from immutable distros. Like Android and MacOS get shipped.
Flatpak is completely open source software and any proprietary software in it has a large warning about how it’s proprietary. I don’t know why you think proprietary software vendors are pushing these. Ublue, NixOS, and Fedora Silverblue are all community run, not being pushed by some malicious group pushing proprietary software.
Why companies even have anything to gain from their proprietary software being in a container? All that would do is make data collection more difficult.
Why do you think all phone makers push it?
Because it improves security and privacy, something they can advertise as a feature. There’s no negative for them to implement, it’s their phone, they can already collect all the data they want. It still prevents other apps from accessing data they shouldn’t.
Why do you think phone makers push it? What possible malicious reason do you think proprietary software makers have to push containerization and sandboxing? What do they gain?
There is literally no arguing with people like you, haha
I can see where you’re coming from because of outdated libraries and flatpak sandboxing not really being a thing (it’s an illusion, really) but you can’t deny that this is the direction we’re moving in, and we need to get flatpak sandboxing and permissions right, to ensure a proper base level of security.
For those unaware:
-
Many flatpaks use older, outdated, or end-of-life libraries
-
Flatpak permissions are messed up because most applications ask to bypass the sandbox at install-time
-
How come?
Yes, who would want sandboxed apps which restrict the app’s access to the system. /s
I can see why it’s “former”.
I switched to silver blue after a bad update and my experience has been almost identical if not smoother than standard fedora
