I’ve heard of immutable OS’s like Fedora Silverblue. As far as I understand it, this means that “system files” are read-only, and that this is more secure.
What I struggle to understand is, what does that mean in practical terms? How does installing packages or configuring software work, if system files can’t be changed?
Another thing I don’t really understand is what the benefits as an end user? What kinds of things can I do (or can be done by malware or someone else) to my Arch system that couldn’t be done on an immutable system? I get that there’s a security benefit just in that malware can’t change system files – but that is achieved by proper permission management on traditional systems too.
And I understand the benefit of something declarative like NixOS or Guix, which are also immutable. But a lot of OS’s seem to be immutable but not purely declarative. I’m struggling to understand why that’s useful.
Not necessarly, as far as i understand it flatpak uses ostree to re-use already existing “components/parts” , if possible. ref. https://ostreedev.github.io/ostree/
But it highly depends on the types and maintainance cycle of the software you have installed if this technique has a major influence. At the worst case every software you install has its own “special” requirements … unlikely … but for some (for example older) software that might very well be the case.