Does anyone know of a hosting service that offers Silverblue as a possible choice for OS?

It seems to me that for a server running only docker services the greatly reduced attack surface of an immutable distro presents a definitive advantage.

  • asap@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    3 months ago

    My comment in the comment chain was:

    An attacker escaping from a container can’t be system root as Podman runs rootless (without some other exploit or weak password).

    We could give the op the benefit of the doubt and thinking that they were saying that the attacker inside the container managed to gain root inside the container.

    • myersguy@lemmy.simpl.website
      link
      fedilink
      English
      arrow-up
      2
      ·
      3 months ago

      Your comment also contained

      The filesystem itself is also read-only.

      Which is what led to the further discussion of root making that not so.

      I don’t believe that to be the intent of the OP’s comment, given their second sentence, but they are welcome to state otherwise. I just don’t want them thinking that an immutable distribution gives them some kind of bulletproof security that it doesn’t.

      • asap@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 months ago

        Very true. The discussion helped me, as I did think it meant not easily editable.

        As root of course you can change the system to be any other type of system (layer packages, rebase, whatever), but I did assume it meant not easily modifiable in it’s current state.