PrismaFS
Portable userspace filesystem with isolated session layer
PrismaFS is a lightweight, portable userspace filesystem that lets you compose multiple directory trees into a single transparent view - where all writes are captured in an isolated session layer, the originals are never touched, and discarding the session returns everything to exactly the state it was in. PrismaFS acts as a zero-overhead wrapper around any directory on your system, bringing portable filesystem-level isolation to major Unix families, without needing a container runtime, a daemon, or root. Planned deliverables include symlink and full POSIX ownership support, Linux portability via libfuse, named and exportable sessions (enabling reproducible and shareable filesystem states), a rich session audit toolchain with a native or portable GUI, cryptographic session signing for verifiable change records, and an expanded synthetic dev namespace exposing live system state as readable files - bringing the Plan 9 philosophy of "everything is a file" directly into the merged view.
- The project's own website: https://github.com/goranb131/prismaFS
Why does this actually matter to end users?
When you run third-party software on a computer, you are always left second-guessing what really happens. Ideally you would want to be able to inspect what happened, but that is often difficult.
PrismaFS offers a solution. With a single mount command the base directory (or several, in priority order) is combined with a session layer. All reads are served transparently from the composed view, and all writes land exclusively in the session, leaving the original untouched. This allows running untrusted installers, testing system configuration changes, or auditing exactly what any program touches, then discarding it all with a single command, with no traces left. All of this makes it immediately useful for security operations, audits with no VM required, developer workflows (test configuration changes, run untrusted code, compose team-shared and personal environments without conflicts), and embedded systems on FreeBSD where lightweight runtime isolation is needed without the overhead of jails or ZFS clones. No other tool brings portable filesystem-level isolation to major Unix families, including Apple's, without a container runtime, a daemon, or root.
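The layering described above can be modeled in a few functions. This is an added illustration in Python, not PrismaFS code (PrismaFS itself is written in C): the function names, the layer names `team` and `system`, the sample files, and the assumption that the session mirrors base-relative paths are all made up for the example, and deletions, symlinks and ownership are not modeled.

```python
import filecmp, os, shutil, tempfile
from pathlib import Path

def resolve(rel, layers):
    """Return the backing file for `rel`: the first layer that has it wins."""
    hits = (os.path.join(layer, rel) for layer in layers)
    return next((p for p in hits if os.path.lexists(p)), None)

def read(rel, session, bases):
    """Reads see the merged view: session first, then bases in priority order."""
    return Path(resolve(rel, [session, *bases])).read_text()

def write(rel, data, layer):
    """In the model, the observed program only ever calls this on the session."""
    target = Path(layer, rel)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(data)

def audit(session, bases):
    """Classify session files against the bases (assumed: session mirrors relative paths)."""
    report = {}
    for root, _dirs, files in os.walk(session):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, session)
            original = resolve(rel, bases)
            if original is None:
                report[rel] = "created"
            elif filecmp.cmp(path, original, shallow=False):
                report[rel] = "rewritten-identical"
            else:
                report[rel] = "modified"
    return report

def demo():
    """Constructed layers: 'team' outranks 'system'; the writes stand in for an installer."""
    with tempfile.TemporaryDirectory() as tmp:
        team, system, session = (os.path.join(tmp, n) for n in ("team", "system", "session"))
        write("etc/app.conf", "port=8080\n", team)       # seed the base layers
        write("etc/app.conf", "port=80\n", system)
        write("etc/hosts", "127.0.0.1 localhost\n", system)
        before = read("etc/app.conf", session, [team, system])
        write("etc/app.conf", "port=9999\n", session)    # simulated untrusted writes
        write("etc/hosts", "127.0.0.1 localhost\n", session)
        write("bin/agent", "#!/bin/sh\n", session)
        during = read("etc/app.conf", session, [team, system])
        report = audit(session, [team, system])
        shutil.rmtree(session)                            # discard the session
        after = read("etc/app.conf", session, [team, system])
        return before, during, after, report
```

The audit compares file contents rather than timestamps, so a file the program rewrote with identical bytes is reported separately from a real modification.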
PrismaFS is implemented in portable C with no dependencies beyond FUSE and libc, distributed via Homebrew on macOS, targeting the FreeBSD ports tree as an early milestone, and open to packaging for Linux distributions, package managers, and static builds for environments without package management. Its synthetic namespace exposes CPU, memory, processes, and network interfaces as ordinary readable files, implementing the foundational principle that any system resource, not just storage, belongs in the filesystem: "everything is a file" pushed as far as Unix semantics have ever allowed.
This project was funded through the NGI0 Commons Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101135429. Additional funding is made available by the Swiss State Secretariat for Education, Research and Innovation (SERI).