Write once, read many (WORM) using Linux file system
Solution 1:
You can sort of do this with OpenAFS and read-only volumes. It's a lot of infrastructure to install to make it work however and might not meet the requirements.
http://www.openafs.org/
Basically, there is a writeable volume and one or more read-only copies of the volume. Until you release the writeable volume, the read-only copies are unchangeable to clients. Releasing the volume requires admin privileges.
It seems like any solution would require either specialized hardware or a network file system that duplicates the semantics of specialized hardware.
Solution 2:
It seems that there is no way to do this without writing custom file system / kernel code.
A viable solution appears to be to use Amazon Glacier with WORM archive storage option. According to the AWS Official Blog at: https://aws.amazon.com/blogs/aws/glacier-vault-lock/
[...] a new Glacier feature that allows you to lock your vault with a variety of compliance controls that are designed to support this important records retention use case. You can now create a Vault Lock policy on a vault and lock it down. Once locked, the policy cannot be overwritten or deleted. Glacier will enforce the policy and will protect your records according to the controls (including a predefined retention period) specified therein.
You cannot change the Vault Lock policy after you lock it. However, you can still alter and configure the access controls that are not related to compliance by using a separate vault access policy. For example, you can grant read access to business partners or designated third parties (as sometimes required by regulation).
For me, this provides exactly what is needed without the expense of NetApp or EMC hardware, while appearing to meet the record retention requirements.