The Future of Immutable File Systems?

So far we have Fedora Silverblue and openSUSE MicroOS as major distros offering immutable (read-only) core systems. And to a lesser degree, Bottlerocket, Flatcar and Talos.

So are they the future of Linux from a security POV? Do we have much choice?

I haven’t looked too much into it, but what I’m wondering is whether, if they’re read-only, that means that for all system settings you’ll rely on some brainlet who configured the given distribution’s defaults, without the ability to change them? :laughing:

If so, that limits my freedom, so I’m not a fan even if it gives a bit more fool-proof security.


3 Likes

The two I have tested, Silverblue and MicroOS, use rpm-ostree for layering those changes you need, and they sit on top of the image. I guess they are saying we as users can’t change the image, but we do each time we boot (which is very, very often), given that the layering only happens when you reboot. If there is an update to the system, it will update the image automatically.

It is interesting to note that it stores the previous 3 images, which you can restore from a boot menu, just like snapshots, except it uses systemd.

2 Likes

For those who want to jump into that rabbit hole, some resources to dive into.

2 Likes

He is a strong voice for immutable systems, but he reminded me you have distrobox and toolbox, if you can’t find what you want on Flathub.

You have missed quite a few from your list, including NixOS, which is one of the largest.

The thing about immutable-FS-based distros is that they are very different from each other. They don’t even all have the same goals.

Immutability on Linux isn’t new and it is used for various reasons; it isn’t always about security.

I would categorize these into three very broad categories.

  • Distros where the primary purpose of the immutability is to limit user changes, to make them easier to support and maintain. For example, many of the media-player-centric distros do this (e.g. LibreELEC).
  • Distros where there are huge trade-offs. You get a bunch of benefits, but there are also a bunch of serious shortcomings making them not suitable for every purpose. This is where I would put NixOS and Silverblue, for example.
  • Distros where neither the benefits nor the downsides are that high, making the value proposition somewhat minimal. For example, distros that use A/B root switching.

As with everything related to Linux, it is likely they are a future, not the future. Almost nothing is universally adopted, even when the pros far outweigh the cons.

All the implementations are so different that there is no universal way to answer that. It ranges from the user having a lot of control to the user having almost none.

8 Likes

As it is.

Well, you missed the most prominent (although developed further away from the origin) immutable Linux distribution:
Android.
It has a read-only /system partition with the folders of a real Linux system, where the OS is, and a writeable /data partition where all user-generated content like apps and settings are saved :wink:

2 Likes

My mind was on Linux desktops, but since you mention it, you are right.
I guess it begs the question why people root their Android phones.

Here is another one for the list: iOS. It is totally immutable! Just the way Apple likes it, under their control.

So it’s granny distros!


5 Likes

yes

1 Like

immutable - unchanging over time or unable to be changed.

Doesn’t sound like rolling to me. :rofl:

3 Likes

No thanks, even Macs with their closed system are not welcome with me.

1 Like

A rolling stone gathers no moss - so is it immutable? :upside_down_face:

2 Likes

I guess I can’t hide under a rock then. :wink:

1 Like

Generally /etc is still writeable, so you can change settings fine. It’s when you need things like dkms that it gets complicated, as at the moment it takes some work. Silverblue folks are working on that situation.

1 Like

I would say dalto has covered most of what I’d say on the topic so I won’t repeat it lol

I will add that from a corporate perspective immutable Linux looks to be the future. The support and security benefits of it, along with an encrypted system, secure boot with UKI, and implementing something like dm-verity, are very attractive in that context. This will allow deployment of Linux products in interesting ways for corporate and consumer clients.

1 Like
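The post above mentions dm-verity as the piece that makes a read-only image attestable: every block read from the root filesystem is hashed and checked against a hash tree whose root is trusted out-of-band (for example, passed on a signed UKI kernel command line). The following is an added illustration, not code from this thread or from the dm-verity project. It builds a simplified hash tree over a constructed "image" and shows that a single flipped bit in a block makes that block fail verification. Block size, salt and image content are constructed; real dm-verity uses 4096-byte blocks, packs hashes into hash blocks and lets the kernel verify those, but the principle shown here is the same.

```python
import hashlib
from typing import List, Tuple

# Constructed parameters: real dm-verity uses 4096-byte blocks and a random per-image salt.
BLOCK_SIZE = 16
SALT = b"constructed-salt"


def _h(data: bytes) -> bytes:
    """Salted SHA-256, used for every node; salt-before-data is assumed here."""
    return hashlib.sha256(SALT + data).digest()


def split_blocks(image: bytes) -> List[bytes]:
    """Cut the image into fixed-size blocks, zero-padding the last one like a block device would."""
    blocks = [image[i:i + BLOCK_SIZE] for i in range(0, len(image), BLOCK_SIZE)]
    if blocks:
        blocks[-1] = blocks[-1].ljust(BLOCK_SIZE, b"\0")
    return blocks


def build_tree(blocks: List[bytes]) -> List[List[bytes]]:
    """Build the hash tree bottom-up; levels[0] are leaf hashes, levels[-1][0] is the root."""
    level = [_h(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:  # simplification: a lone last node is paired with itself
            level = level + [level[-1]]
        level = [_h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def root_hash(levels: List[List[bytes]]) -> str:
    """The value that must be trusted out-of-band (signed kernel cmdline, UKI, etc.)."""
    return levels[-1][0].hex()


def proof_for(levels: List[List[bytes]], index: int) -> List[Tuple[bytes, bool]]:
    """Sibling hashes from leaf to root; the bool says whether the sibling sits on the left."""
    proof = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))
        index //= 2
    return proof


def verify_block(block: bytes, index: int, proof: List[Tuple[bytes, bool]], trusted_root: str) -> bool:
    """What happens on every read: rehash the block and walk up to the trusted root."""
    node = _h(block)
    for sibling, sibling_is_left in proof:
        node = _h(sibling + node) if sibling_is_left else _h(node + sibling)
    return node.hex() == trusted_root


# Constructed stand-in for a read-only root filesystem image (five blocks, so the odd case is exercised).
IMAGE = b"".join(f"block {i:02d} of /usr".ljust(BLOCK_SIZE).encode() for i in range(5))


def demo() -> Tuple[bool, bool]:
    """Return (intact block verifies, tampered block verifies)."""
    blocks = split_blocks(IMAGE)
    levels = build_tree(blocks)          # done once when the image is built
    trusted_root = root_hash(levels)     # shipped with the signed boot artifacts
    ok = verify_block(blocks[3], 3, proof_for(levels, 3), trusted_root)
    tampered = bytearray(blocks[3])
    tampered[0] ^= 0x01                  # one flipped bit on disk
    bad = verify_block(bytes(tampered), 3, proof_for(levels, 3), trusted_root)
    return ok, bad


if __name__ == "__main__":
    print("intact block verifies: %s, tampered block verifies: %s" % demo())
```

The design point is that the data on disk can be mutable at the block level; what makes the system "immutable" in the security sense is that a modified block can no longer be read, because its hash no longer chains to the root that the signed boot chain vouches for.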

Actually much more than you think.

  1. /home/
  2. /var/tmp/
  3. /run/media/
  4. /opt/
  5. /etc/
  6. /usr/local/

1 Like
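Rather than memorising the list above, you can read off which of those directories are backed by a read-only mount from /proc/mounts. The script below is an added example, not from this thread or from any of the distros named; it parses a constructed /proc/mounts excerpt that resembles an ostree-style layout (/usr read-only, state directories writable, a separate writable /usr/local) and classifies each path by the longest matching mount point, which is how the kernel resolves it. The sample mount table and the path list are constructed; the check is mount-level only, so a bind mount, an overlay, or plain file permissions can still make a path unwritable in practice.

```python
from typing import Dict, List, Optional, Set, Tuple

# Constructed /proc/mounts excerpt; device names and options are made up for the example.
SAMPLE_MOUNTS = """\
/dev/vda2 / ext4 rw,relatime 0 0
/dev/vda2 /usr ext4 ro,relatime 0 0
/dev/vda2 /etc ext4 rw,relatime 0 0
/dev/vda2 /var ext4 rw,relatime 0 0
/dev/vda2 /home ext4 rw,relatime 0 0
/dev/vda2 /usr/local ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /run/media/user/USB\\040DISK vfat rw,nosuid,nodev 0 0
"""

# The directories from the post, plus two extra ones to show the read-only side.
PATHS = ["/home/", "/var/tmp/", "/run/media/", "/opt/", "/etc/", "/usr/local/",
         "/usr/bin/", "/run/media/user/USB DISK/"]

Mount = Tuple[str, Set[str]]


def parse_mounts(text: str) -> List[Mount]:
    """Return (mount_point, option set) pairs; /proc/mounts escapes spaces as \\040."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        mount_point = parts[1].replace("\\040", " ")
        mounts.append((mount_point, set(parts[3].split(","))))
    return mounts


def mount_for(path: str, mounts: List[Mount]) -> Optional[Mount]:
    """Pick the longest mount point that is a prefix of the path (path must end with '/')."""
    best: Optional[Mount] = None
    for mount_point, options in mounts:
        prefix = mount_point if mount_point.endswith("/") else mount_point + "/"
        if path.startswith(prefix) and (best is None or len(mount_point) > len(best[0])):
            best = (mount_point, options)
    return best


def classify(paths: List[str], mounts_text: str) -> Dict[str, str]:
    """Map each path to 'read-only', 'writable' or 'unknown' based on its mount options."""
    mounts = parse_mounts(mounts_text)
    result = {}
    for path in paths:
        normalized = path.rstrip("/") + "/"
        found = mount_for(normalized, mounts)
        if found is None:
            result[path] = "unknown"
        else:
            result[path] = "read-only" if "ro" in found[1] else "writable"
    return result


if __name__ == "__main__":
    # Run against the constructed table; swap in open("/proc/mounts").read() on a live system.
    for path, state in classify(PATHS, SAMPLE_MOUNTS).items():
        print(f"{path:30} {state}")
```

On a real Silverblue or MicroOS install the exact table will differ (for instance, /usr/local may be a symlink into /var rather than its own mount), which is precisely why reading the live /proc/mounts beats relying on a remembered list.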

I couldn’t remember all the writeable directories. I knew more than /etc but wasn’t gonna guess a list :joy:

“Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”

Benjamin Franklin

Btw - I do gnome.

3 Likes