Lennart Poettering on Nostr: In particular systemd-sysext has become quite popular on immutable OSes (by which I ...
In particular systemd-sysext has become quite popular on immutable OSes (by which I mean the ones that provide cryptographic immutability via dm-verity, not things like ostree where the immutability is mere convention) to provide a certain level of modularity to an otherwise rigid file hierarchy.
With these tools, the /usr/ and /etc/ hierarchies become stacks (by means of overlayfs) of read-only, cryptographically protected, individually signed file system layers.
Published at 2024-05-06 07:49:31
Event JSON
{
"id": "0a690d697816b67525407f1c47c7ab1a9a683907133bc9e8e03fe47db712dad0",
"pubkey": "1d95c32d9a9d95a54f98eb2eaa156f3d3a71dc49eca2c960b2b89962758f1cc0",
"created_at": 1714981771,
"kind": 1,
"tags": [
[
"e",
"5ead45d627039d29406d97ccd3ec8ad8a3a0dfbc7d675dbac75bec5de99c580e",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://mastodon.social/users/pid_eins/statuses/112393045397645945",
"activitypub"
]
],
"content": "In particular systemd-sysext has become quite popular on immutable OSes (by which I mean the ones that provide cryptographic immutability via dm-verity, not things like ostree where the immutability is mere convention) to provide a certain level of modularity to an otherwise rigid file hierarchy. \n\nWith these tools, the /usr/ and /etc/ hierarchies become stacks (by means of overlayfs) of read-only, cryptographically protected, individually signed file system layers.",
"sig": "4090fa77bd5b93c2a6bc2125b0527ca34d9ac2006e21e4ca51569cb945e3460677bf6df6a54edc0f87d83a7cd154a1f0b71106f564264100a454c5df771d2966"
}