having seen this brought up in another thread I decided to go looking for more information on it. Lots of people parroting the same few sentences from Apple, but very little actual explanation for WHAT it is and HOW it works. So I finally ran into this and thought I'd share it:
http://www.quora.com/Can-someone-elaborate-on-the-OS-X-10-11-feature-called-RootlessIt's much more than just an iOS thing. The gist is it's a new file attribute that can be set, just like Locked or Invisible, that when set, will only allow access by code whose chain of authority comes from code signed by Apple. In a way it's a bit like the SCHG flag, the "super lock", that you can set, but cannot UNset, even as root. (to remove SCHG, you have to reboot, and drop into single user mode and change it then - once kernel mode has gone up a notch during boot, a process that cannot be reversed, SCHG cannot be unset even by root)
So Apple is expected to use this to protect key files from modification/replacement as part of the "iOS rooting" process. If someone finds an exploit to get root, it will no longer simply be a case of making the usual file system changes - the "rootless" protection of those key files will also have to be dealt with. This means that it will be necessary to find an exploit in a piece of software signed by Apple, not just any exploit such as in Java or Flash. "Getting Root" isn't enough to root the phone anymore.
Apple has essentially raised the bar on the trust level when making changes to critical system files. I don't think I like where that's going, because it locks ME out of my own stuff. I can't just "sudo -s" or login as root and get a root prompt and go make a change/fix that I want to. It really nerfs root, to the point where it's arguably NOT root anymore. It's not root anymore just the same as I, as a system administrator, aren't root. The difference being I can GET root, but root isn't the root it used to be anymore...