Livefs, security impact, and can it be disabled

I’ve been looking at silver blue for the added security of an immutable os file system and containerized software. I see that there is an experimental feature called livefs that lets you make commits to ostree on a live system. Is there a way to disable this feature or compile wihtout it ? I’m curious as to what the security ramifications of this feature are. I’m brand new to the community. Thanks!

livefs is an experimental command that lets you apply package changes without a reboot. However I believe you need root to access it (IIRC it doesn’t even use polkit), so it’s not a huge security issue; with root access there are far more drastic things that could be done to the system.

1 Like

@refi64 It makes sense that this is only a feature root can use. I realize that with root you could do other harm but a few questions from that:

  1. whats the point of the immutable file system
  2. what about permission escalations or bugs in the feature especially since its experimental
  3. what is the planned future of this feature?
  1. The point of the immutable filesystem is largely for atomic upgrades, if you have root you could still technically modify it even without rpm-ostree. root on unix systems is just a very, very powerful account…
  2. The feature definitely has bugs, but authentication is handled by polkit (used for privilege checks by many Linux apps) so the chances of escalations is pretty low.
  3. I have no idea.

Thanks so much for the reply