systemd-sysext in Production: What We Learned Extending /usr Without a Package Manager
Submitted to DevConf.CZ 2026 in Brno, Czech Republic on June 18-19, 2026
Abstract
systemd-sysext is a standard mechanism for overlaying /usr on any systemd-based OS. The spec and tooling exist, but what happens when you push it past “hello world” into production software - GPU drivers, Kubernetes, container runtimes?
Flatcar Container Linux has been shipping all of these as sysext images since 2022. Docker and containerd don’t exist as binaries in the base OS - they’re sysext images. Kubernetes can upgrade independently of the OS via sysext + sysupdate.
This talk covers what broke, what we fixed, and what we contributed upstream to systemd. You’ll see the two hardest engineering problems - dynamic linking collisions and library path isolation - and the open source tools (Flix and Flatwrap) that solve them. We’ll discuss when sysext is the right tool and when rpm-ostree is better.
Whether you work on FCOS, Flatcar, or any other systemd-based distro, sysext is already in your systemd. This talk tells you what to expect when you use it for real.