
Interview Cheat Sheet: Linux Platform Engineer

Night-before review. One page covering every requirement, your talking points, and the technical terms you need to use confidently.

Your Unique Angles

| Their need | Your strength | Talking point |
|---|---|---|
| Custom Linux distro | Bash OCI frameworks, OS image generation | "I build the factory that builds the product" |
| Sway/Wayland | Learning fast + Rust (Smithay) | "Rust compositors are the future; I bring both Rust and systems automation" |
| C/C++ systems programming | C++ experience, Rust expertise, C99 sensor work | "I choose Rust for memory safety in multi-tenant environments" |
| Chromium patching | Large codebase navigation, vim power user | "I've worked across many connected codebases in robotics" |
| perf/bpftrace | Solid Linux userspace, learning kernel tracing | "I know how to measure before optimizing" |
| seccomp/sandboxing | Docker/OCI security, namespace understanding | "My OCI frameworks already orchestrate these primitives" |
| Open-source contributions | Git expert, code review experience | "I contribute upstream to reduce patch burden on forks" |

Key Technical Terms (use these in conversation)

Wayland

  • wlroots -- compositor library (~60K LOC C), used by Sway
  • Smithay -- Rust compositor library, used by COSMIC desktop
  • xdg-shell -- window management protocol (configure/ack_configure dance)
  • ext-image-copy-capture -- new frame capture protocol (replaces wlr-screencopy)
  • wp-linux-drm-syncobj -- explicit GPU synchronization (fixes NVIDIA)

Kernel Graphics

  • DRM/KMS -- kernel display subsystem (CRTC → plane → encoder → connector)
  • Atomic modesetting -- all display changes in one ioctl (no flicker)
  • dma-buf -- zero-copy GPU buffer sharing via file descriptors
  • GBM -- buffer allocation (gbm_surface is legacy → use explicit gbm_bo)

Security

  • seccomp-BPF -- syscall filtering (Chromium allows ~30-50 syscalls)
  • Landlock -- path-based file access sandbox (unprivileged, stackable)
  • User namespaces -- UID mapping (root in container ≠ root on host)
  • Wayland isolation -- no cross-client input snooping or screen reading

Build

  • mmdebstrap -- fast Debian rootfs builder (2x debootstrap)
  • dm-verity -- cryptographic rootfs integrity (Merkle hash tree)
  • bootc -- build immutable OS images using Containerfiles + OCI registries
  • OverlayFS -- writable layer on read-only rootfs (Docker's layer model)
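
To make the dm-verity bullet concrete, here is an added example (not part of the original cheat sheet, and not dm-verity's real on-disk format) of how a Merkle hash tree lets a reader verify one block against a single trusted root hash. The 4096-byte block size, salted SHA-256, function names, and sample image are all assumptions chosen for illustration.

```python
import hashlib
import hmac

BLOCK = 4096              # assumed data/hash block size in bytes
FANOUT = BLOCK // 32      # 128 SHA-256 digests fit in one hash block

def block_digest(data: bytes, salt: bytes) -> bytes:
    """Salted SHA-256 of one zero-padded block."""
    return hashlib.sha256(salt + data.ljust(BLOCK, b"\0")).digest()

def build_tree(image: bytes, salt: bytes) -> list:
    """Return digest levels: levels[0] has one digest per data block, levels[-1] is [root]."""
    if not image:
        raise ValueError("empty image")
    levels = [[block_digest(image[i:i + BLOCK], salt) for i in range(0, len(image), BLOCK)]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([block_digest(b"".join(prev[i:i + FANOUT]), salt)
                       for i in range(0, len(prev), FANOUT)])
    return levels

def verify_block(idx: int, data: bytes, levels: list, root: bytes, salt: bytes) -> bool:
    """Check one data block on read. `levels` is untrusted (stored next to the data);
    only `root` comes from a trusted source."""
    digest = block_digest(data, salt)
    for level in levels:
        if idx >= len(level) or not hmac.compare_digest(level[idx], digest):
            return False          # stored digest does not match what we computed
        if len(level) == 1:
            break                 # reached the top of the tree
        start = idx - idx % FANOUT   # first digest of the hash block holding ours
        digest = block_digest(b"".join(level[start:start + FANOUT]), salt)
        idx //= FANOUT
    return hmac.compare_digest(digest, root)

if __name__ == "__main__":
    salt = b"constructed-salt"                                      # constructed sample values
    image = b"".join(bytes([i % 251]) * BLOCK for i in range(300))  # 300 constructed blocks
    levels = build_tree(image, salt)
    root = levels[-1][0]
    block = image[200 * BLOCK:201 * BLOCK]
    print("clean block:", verify_block(200, block, levels, root, salt))
    tampered = b"X" + block[1:]
    levels[0][200] = block_digest(tampered, salt)   # stored leaf digest rewritten as well
    print("tampered block + forged leaf:", verify_block(200, tampered, levels, root, salt))
```

Rewriting the stored digests alongside the data does not help a tampered block pass, because every path ends at the root hash, which is the only value that has to be kept out of reach of whoever can write to the disk.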

Architecture You Should Be Able to Whiteboard

Browser → NestJS backend → AI agent (VLM)
                                ↓ sees screen
          ┌─────────── Kubernetes pod ───────────┐
          │ Custom Debian │ Sway │ WayVNC │ Chromium │
          │ (read-only)   │(comp)│(stream)│ (kiosk)  │
          └──────────────────────────────────────┘
                    ↑ frame capture: ext-image-copy-capture
                    ↑ input injection: wlr-virtual-keyboard/pointer

Questions They Might Ask

  1. "How would you build a multi-tenant Wayland desktop environment?" → Kubernetes pods, each with Sway (headless backend) + WayVNC + Chromium. User namespace isolation. seccomp on renderers. Landlock on file access.

  2. "How would you debug frame drops in the VNC stream?" → bpftrace: trace DRM page flip timing, check WayVNC encode time, off-CPU flame graph to find blocking I/O, check socket buffer pressure.

  3. "How do you maintain a Chromium fork?" → Brave's model: chromium_src overrides + minimal patches wrapped in #ifdef. Rebase on each Chromium milestone. Upstream fixes when possible.

  4. "What's your approach to immutable OS updates?" → A/B partitions with dm-verity. RAUC for atomic switchover. Health check service marks boot as good. Failed boot → automatic rollback.

Numbers to Know

  • Sway/wlroots: ~60K LOC C, i3-compatible, MIT licensed
  • Chromium: ~30M LOC, GN/Ninja build, ~30-50 syscalls allowed in renderer sandbox
  • VNC ZRLE encoding: ~2-5 Mbps at 1080p, ~5ms encode time per frame
  • dm-verity overhead: ~1-3% read latency, negligible for SSD
  • Container cold boot: ~2-8 seconds for minimal systemd + Sway + WayVNC + Chromium