Vanilla OS offers a new take on security for the Linux desktop

If you're looking for a new operating system that takes security seriously, but doesn't cause major user headaches, Vanilla OS might be just the ticket.
Written by Jack Wallen, Contributing Writer
Reviewed by Alyson Windsor
vanilla os desktop
Image: Jack Wallen

I've used every flavor of Linux you can possibly imagine -- from the overly simple to the masterfully complex. I've seen just about every gimmick and trick you could throw at an operating system. Finally, there's a new take on Linux that is equal parts heightened security and user-friendly. If that sounds like the combination you've been looking for, read on, my friend.

Also: How to choose the right Linux desktop distribution

The first official release of Vanilla OS was recently made available to the masses. I've tested this Linux distribution before and found it to be quite intriguing. So, when the developers announced the full release was ready, you can bet I was anxious to kick the tires.

I came away from my testing experience very impressed. Let me explain.

A security-focused operating system

When you think of a security-focused operating system I would imagine any number of thoughts might pop into your head, one of which is "complicated." In the earlier releases of Vanilla OS, they used Almost for immutability. I tested those early releases and found them to be fascinating but far from user-friendly. 

With the new release, the developers shifted away from Almost to ABRoot. Back when they were using Almost, you'd have to use one of two commands to enable or disable immutability, such as:

  • For read/write - sudo almost enter rw
  • For read-only - sudo almost enter ro

The problem with Almost was you could enable read-only mode, but still be able to create files within the root file system. Another issue was that three important directories were immune to immutability, /home/, /etc/, and /var/. 

Also: 8 things you can do with Linux that you can't do with MacOS or Windows

So, the developers opted to switch to ABRoot, which allows for fully atomic transactions between 2 root partitions (A ⇔ B).

The developers explain it like this:

ABRoot achieves [atomicity] by transacting between 2 root file systems: A and B. Let's make an example. Let's say you want to install a new package. ABRoot will check which partition is the present root partition (i.e A), then it will mount an overlay on top of it and perform the transaction. If the transaction succeeds, the overlay will be merged with the future root partition (i.e B). On your next boot, the system will automatically switch to the new root partition (B). In case of failure, the overlay will be discarded and the system will boot normally, without any changes to either partition.

Let's see if we can make sense of it by way of installing the htop command in Vanilla OS. You can do this two different ways, with the apx package manager or using ABRoot. If you go the apx route, htop will be installed inside a container with restricted access to a system's resources while still being able to function as expected. 

To install htop with apx, the command would be:

apx install htop

Notice, you do not use sudo to gain heightened privileges for the installation. This is done intentionally. 

The optional installation route is via ABRoot, which is more complex and requires a reboot after installation. For example, you can install htop with:

sudo abroot exec apt install htop

After installing htop with this method, you'll find the command isn't available until you reboot the system. That is because the system hasn't switched to the new root partition that contains the newly-installed application. 

Vanilla OS also includes Flatpak and AppImage support. You can even install Flatpak apps from within the GNOME Software GUI, so you're not limited to installing applications via the command line.

Smart Updates

Another really fascinating feature is called Smart Updates, which is enabled in the Vanilla OS Control Center, and ensures the system will not update if it's either under a heavy load or the battery is low. To enable this, open the Vanilla OS Control Center, click on the Updates tab, and then click the ON/OFF slider for SmartUpdate.

The Vanilla OS Control Center Updates tab.

Enabling Smart Updates in Vanilla OS.

Image: Jack Wallen

Smart Updates was designed such that users don't have to worry so much about updates. Once enabled, updates will go through ABRoot transitions and aren't applied until the next reboot. Not only does this allow the updates to happen fully in the background, but it also makes them atomic, so they only proceed when it's guaranteed they will succeed.

The only caveat to this system is that you are limited to either weekly or monthly updates, as there is no daily option for scheduling. However, if you're doing weekly updates, you should be good to go.

Sub Systems

Another outstanding new feature might really only apply to developers, but it's really cool. Vanilla OS allows you to launch different containerized systems, based on either Arch Linux, Fedora, or Alpine Linux. From within the Vanilla OS Control Center, click on the Sub System tab and click the + button for one of the different flavors to launch a container based on that system. For example, click Fedora and a terminal window will open in a Fedora container where you can interact with it as if it was an actual Fedora Linux distribution. This is a great option for creating containers for the distributions you want to work with.

The Vanilla OS Control Center Sub System tab.

Accessing the Vanilla OS Sub System features.

Image: Jack Wallen

Beyond the special features

Setting aside that which makes Vanilla OS special, the distribution is as stock a GNOME experience as you'll find and does a great job serving as your desktop operating system. It's easy to use, reliable, and performs really well…especially considering this is the first official release.

Would I recommend Vanilla OS to any user type? Sure. Although users new to Linux might not quite understand what they're using, they can still enjoy a very secure and reliable operating system that helps protect the system in numerous ways that other distributions do not. 

Also: Try these Linux app equivalents if you're interested in making the jump

To find out more about Vanilla OS, make sure to read the official release notes and download an ISO image for installation from the project's GitHub page

If you're looking for a new operating system that goes a long way to keep your system safe and running properly, Vanilla OS is the way to go. 

Editorial standards