Egg Freckles
By Thomas Brand

4th Jun 2019 Immutable Design

After reading about some of the new features available in macOS Catalina it became clear to me Apple is working towards an immutable design.

Dedicated system volume
nmacOS Catalina runs in a dedicated, read-only system volume — which means it is completely separate from all other data, and nothing can overwrite your critical operating system files.

By enforcing a read-only system volume, Apple can ensure that every installation of macOS Catalina is immutable.nThat means that every installation of macOS Catalina is identical to every other installation of the same version,nand the operating system on your Mac’s hard disk is exactly the same as the operating system on the hard disks in the Macs at Apple Park.

An immutable design comes with some big advantages.nmacOS Catalina should be more stable, less prone to bugs, and easier to test and develop for than previous versions of Mac OS.nSystem updates can be installed faster.nNo need to wait for patches to be applied; simply reboot to the newest version.

Mac OS Catalina’s immutable design should also be more secure.nLending itself towards the deployment of containerized apps that are kept separate from system software.nEvidence of which be seen in another one of macOS Catalina’s published features.

DriverKit and user space system extensions
nPreviously many hardware peripherals and sophisticated features needed to run their code directly within macOS using kernel extensions, or kexts. Now these programs run separately from the operating system, just like any other app, so they can’t affect macOS if something goes wrong.

Of course should anything go wrong, macOS Catalina’s immutable design makes recovery easy.

Restore from snapshot
nIf your third-party software is incompatible with an update you just installed, use macOS Recovery to restore from a snapshot of your computer taken right before the installation. macOS and all your apps will work just as they did before you installed the update.

The ability to restore your Mac’s system software from a snapshot is made even more efficient when the state of that snapshot is not only predictable, but no longer unique to your Macintosh.

Of course an immutable design comes with some drawbacks.nDeveloper’s who rely on modifying Catalina’s underlying UNIX environment will need to move to container-based software development.nAt first this may seem like a burden, but developer’s have been supplementing the Mac’s outdated UNIX userland tools for years.nDeveloping on macOS Catalina should be no different, except these tools will need to be kept separate from the system volume, increasing consistency, reliability, and security during the development process.

As a system administrator, macOS Catalina’s dedicated system volume, immutable design, and subsequent features, promise to be the most important advancements in the next version of the Macintosh operating system.

Update:

As Steve Troughton-Smith points out:

macOS Catalina still respects your System Integrity Protection setting and lets you write to to the hard disk root if SIP is off.

I don’t know if this liberty will make its way into the final version, but if it does most of the benefits of macOS Catalina’s immutable design will be lost.