Does anyone know of a hosting service that offers Silverblue as a possible choice for OS?

It seems to me that for a server running only docker services the greatly reduced attack surface of an immutable distro presents a definitive advantage.

    • asap@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      4 months ago

      They 100% can.

      An attacker escaping from a container can’t be system root as Podman runs rootless (without some other exploit or weak password).

      The filesystem itself is also read-only.

      /dev/nvme0n1p4 on /sysroot type xfs (ro)
      /dev/nvme0n1p4 on /usr type xfs (ro)
      /dev/nvme0n1p3 on /boot type ext4 (ro)
      
      • myersguy@lemmy.simpl.website
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        4 months ago

        An attacker escaping from a container can’t be system root as Podman runs rootless (without some other exploit or weak password).

        That would be true of podman running anywhere, and is not unique to an immutable distribution.

        The filesystem itself is also read-only.

        You can change that real quick if you have root access.