The concept of immutable objects – objects that can be replaced but not edited – is not new to Linux. Object-oriented program languages such as Rust, Erlang, Scala, Haskell, and Clojure have immutable objects, and many programming languages allow immutable variables. Similarly, the chattr command has an immutable attribute for directories and files.

In recent years, immutable systems have emerged, originally for the cloud or embedded devices, but now for servers and desktop environments as well. Some of these distros are new, and many are based on major distributions such as Debian, openSUSE, and Ubuntu. All are seen as adding another layer of security and most use containers and universal packages, bringing these technologies to the average user for everyday use (see Table 1).

The Immutable Architecture

The structure of immutable systems is complicated and varies with the distribution. While only an overview can be given here, the general definition of an immutable distro is a core operating system, usually placed in a separate container, that is read-only. Once installed, this core system cannot be permanently edited. Any editing attempt will be lost once the system is rebooted. Unlike in traditional systems, not even a root user can alter this core. Instead, the core can only be completely replaced by what is described as an atomic update during a system reboot (i.e., the update must be applied all at once or not at all). Often, each update can be stored like a snapshot for backup and may be chosen at bootup. These images may be handled by an application like Fedora Silverblue's ostree or through snapshots in a Btrfs filesystem, as with openSUSE's MicroOS.

[...]