Immutable Ubuntu Desktop Based on Ubuntu Core
In a recent blog post, Oliver Smith from Canonical shared updates on the upcoming immutable Ubuntu desktop based on Ubuntu Core. Canonical started work on Ubuntu Core in 2014; it builds on the same kernel container technology that Docker and LXC are built on. This places every system component in its own sandbox, with clearly defined upgrade and rollback procedures.
Ubuntu Core is a secure, resilient, and continuously updated operating system; thanks to its minimal footprint it provides a fully containerized IoT platform. Canonical now plans to offer a fully containerized Ubuntu desktop based on Ubuntu Core, in which each component is immutable and isolated.
In this post, we will look into what an immutable operating system means and shed light on the role played by Ubuntu Core in the realm of immutable Linux.
Introduction to Immutable Operating System
Before discussing Ubuntu Core, let’s understand what makes an operating system immutable.
- Read-only: The main property of an immutable operating system is that the users and applications do not have permission to modify the system directly.
- Atomic Updates: Updates are applied atomically, which means that they are either successfully applied all at once or not at all.
- Predictable: Since the core operating system remains unchanged, its behavior is predictable across different devices.
- Isolated Applications: Applications are isolated from the core operating system and each other, often through the use of containerization. This guarantees that any changes made by an application do not impact the core system or other applications.
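The four properties above map onto a very small on-disk mechanism. The following POSIX shell script is an added illustration written for this post, not code from snapd or Ubuntu Core: it keeps each revision in its own read-only directory, verifies a checksum before a revision can ever become reachable, and switches a `current` symlink with a single rename so that readers see either the old tree or the new one, never a half-applied mix. The `stage_revision`, `activate`, `revert` and `current_revision` helpers, the `app` name and the payload strings are all constructed for the example; the `mv -T` flag assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: atomic revision switch with rollback, in the style of a
# /snap/<name>/<revision> tree plus a "current" symlink. Not snapd's code.
set -eu

# sha256 of stdin; prefers sha256sum, falls back to shasum (macOS)
sha256_stdin() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum; else shasum -a 256; fi | cut -d' ' -f1
}

# hash_string STR -> sha256 of STR (used to compute an expected checksum)
hash_string() { printf '%s' "$1" | sha256_stdin; }

# stage_revision ROOT NAME REV PAYLOAD EXPECTED_SHA256
# Builds ROOT/NAME/REV and verifies its checksum BEFORE it is made reachable.
# A mismatch discards the whole tree and leaves "current" untouched: the
# update is all-or-nothing.
stage_revision() {
    root=$1; name=$2; rev=$3; payload=$4; expected=$5
    dir="$root/$name/$rev"
    mkdir -p "$dir"
    printf '%s' "$payload" > "$dir/app.bin"
    actual=$(sha256_stdin < "$dir/app.bin")
    if [ "$actual" != "$expected" ]; then
        rm -rf "$dir"            # rejected revision never becomes visible
        return 1
    fi
    chmod a-w "$dir/app.bin"     # staged content is read-only from here on
}

# switch_link ROOT NAME REV
# Creates the new symlink under a temporary name, then renames it over
# "current". rename(2) replaces the link in one step; there is no window in
# which "current" is missing or points at a partially written tree.
switch_link() {
    ln -s "$3" "$1/$2/current.tmp"
    mv -T "$1/$2/current.tmp" "$1/$2/current"   # -T: GNU coreutils
}

# activate ROOT NAME REV: make REV current, remembering the old one for revert
activate() {
    root=$1; name=$2; rev=$3
    [ -d "$root/$name/$rev" ] || return 1
    if [ -L "$root/$name/current" ]; then
        readlink "$root/$name/current" > "$root/$name/previous"
    fi
    switch_link "$root" "$name" "$rev"
}

# revert ROOT NAME: rollback to the revision recorded by the last activate
revert() {
    root=$1; name=$2
    [ -f "$root/$name/previous" ] || return 1
    switch_link "$root" "$name" "$(cat "$root/$name/previous")"
}

# current_revision ROOT NAME -> prints the active revision directory name
current_revision() { readlink "$1/$2/current"; }

# Stand-alone demo on a throwaway tree with constructed sample payloads.
demo() {
    root=$(mktemp -d)
    stage_revision "$root" app 1 'app version 1' "$(hash_string 'app version 1')"
    activate "$root" app 1
    echo "current: $(current_revision "$root" app)"
    stage_revision "$root" app 2 'app version 2' "$(hash_string 'app version 2')"
    activate "$root" app 2
    echo "current: $(current_revision "$root" app)"
    revert "$root" app
    echo "after revert: $(current_revision "$root" app)"
    rm -rf "$root"
}
demo
```

Because the checksum is verified while the revision is still unreachable, a corrupted or tampered download is rejected without ever touching the running system, and because the old revision directory is kept, rollback is just another symlink switch rather than a reinstall.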
Immutable operating systems are suitable for environments that prioritize stability, security, and predictability, for example IoT devices, servers, and high-security deployments. In recent years, however, these characteristics have also proven valuable to end users, first in the mobile OS space and increasingly on the PC.
Ubuntu Core as an Immutable Linux Desktop Base
Beyond IoT, Ubuntu Core can be beneficial in other areas, such as developer workflow and user experience. Ubuntu Core brings a range of useful features, including secure boot, recovery states, and hardware-backed encryption, all of which significantly enhance the security of users’ PCs.
Moreover, it introduces modularity to the user experience, enabling users to explore alternative desktop environment snaps while keeping a highly stable, signed, and secure LTS (Long-Term Support) base. This lets users experiment with and customize their desktop while the underlying system stays robust and protected.
Snap channels introduce the concept of “rolling” specific components of the distribution. For instance, gamers may choose to opt in to a kernel channel that delivers the latest NVIDIA drivers as soon as they become available. This mirrors the approach the Ubuntu Desktop team already takes in shipping Mesa updates within the Steam Snap.
Snap-based Ubuntu Desktop
Canonical announced last year that upcoming versions of Ubuntu Desktop would no longer include default support for Flatpak apps, starting with Ubuntu 23.04 (Lunar Lobster). For the immutable Ubuntu Desktop, Canonical instead intends to rely on the Snap sandboxed package format.
Snaps, too, exhibit the characteristics of immutability. A snap is installed as a full, self-contained package that bundles the application together with all the dependencies it needs, packed into a single read-only squashfs filesystem. This gives stability and predictability across hosts, because “snapped” software neither alters nor depends on the host system’s libraries or settings.
The containerized approach ensures that each component of the system is safeguarded against tampering and can be updated independently and seamlessly. Applications run isolated from the sensitive data on your system and can access only the data they are meant to handle. The same approach also lets you run newer versions of applications on older releases of Linux, expanding compatibility.
Source for this article at Ubuntu Blog.