[PlutoIsAPlanet]

in the case of Silverblue

- Pushes the use of containers for apps, /usr is read-only (mostly). in most cases Flatpak and Podman/Docker/Distrobox/Toolbox

- Makes reproducible builds, your /usr is the base fedora image + whatever you have explicitly configured to add, the latter part makes it very easy to customise the base OS and undo changes (which are tracked), or share changes with others.

- Updates are atomic, you pull the power cord during an update? no bueno will just boot the old deployment. Additionally, because the system is always in a known and immutable state, updates should always work without any kind of dependency/package issue, your swapping one /usr for another.

- Makes malware harder as /usr is read only and you can use composefs to make sure content isn't changed, not really that secure though given any malware can just infect the initramfs

[prmoustache]

Aren't malware nowadays targetting the home directory? with so many users installing executables, language interpreters or cloud management binaries in their homedir I wouldn't even bother trying to elevate privileges and/or infect /usr if I was writing a malware. Especially as all the interesting parts that are worth being stolen are also in the homedir.

[PlutoIsAPlanet]

Yeh all you need to really do is just alias sudo in the shell profile and you can steal the users password to elevate to root.

Flatpak/Containers can prevent it but permissions are up to the developer/packager.