Does anyone know of a hosting service that offers Silverblue as a possible choice for OS?
It seems to me that for a server running only docker services the greatly reduced attack surface of an immutable distro presents a definitive advantage.
Does anyone know of a hosting service that offers Silverblue as a possible choice for OS?
It seems to me that for a server running only docker services the greatly reduced attack surface of an immutable distro presents a definitive advantage.
They 100% can.
An attacker escaping from a container can’t be system root as Podman runs rootless (without some other exploit or weak password).
The filesystem itself is also read-only.
/dev/nvme0n1p4 on /sysroot type xfs (ro) /dev/nvme0n1p4 on /usr type xfs (ro) /dev/nvme0n1p3 on /boot type ext4 (ro)That would be true of podman running anywhere, and is not unique to an immutable distribution.
You can change that real quick if you have root access.