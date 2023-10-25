Linux OS with immutable file system
25 October 2023
Computer/Embedded Technology
For those engineers and technicians who prefer a vanilla Linux operating system instead of the more common Windows OS, then a new kid on the block may pique your interest.
Known as VanillaOS (yes, really), this OS promises a lot in terms of security.
Although based on Ubuntu, it does not use any of the niceties making up the Ubuntu experience: the Ubuntu Dock, the Yaru theme and other modifications are all missing. Instead, the default plain Gnome desktop environment is present.
What really sets this project apart from others, however, is in the security stakes. This OS takes a new approach to computing by using an immutable file system. For installations and updates, this system does not use the standard apt package manager. Instead, a new package manager and subsystem has been developed called apx.
This new subsystem is a wrapper around multiple package managers, which allows one to run commands inside a managed container for security. The benefit of this is that any apps being installed cannot change or affect the core system packages in a bid to improve security, reliability and stability.
OS updates are also handled differently using a custom-written software technology called ABRoot. VanillaOS uses transactions between two root file systems. When a new package is installed, ABRoot will check
which partition is the present root partition (let’s say A) and then mount an overlay on top of the partition A and perform the transaction. If the transaction succeeds, the overlay will be merged with the future root partition (B).
On the next boot, the system will automatically use the new root partition unless there is a boot failure. In that case, the overlay will be discarded and the system will boot normally, without any changes to either partition.
Updates have also been made to behave smarter. Instead of installing in the background, regardless of what the machine is doing, VanillaOS updates are installed only if the device is not under load or not running on low battery. If it is, the machine then waits for a reboot to perform the install.
For more information visit www.vanillaos.org
