Flower News: Fuchsia OS Developers To Add Support For Running Unmodified Linux Programs



Despite the fact that there is little news about Fuchsia OS, the project continues to develop and is very active. Proof - A message from the developers about their plans to implement a mechanism to run unmodified programs that are built for Linux.



This mechanism is based on a special "layer", which is called starnix. It is she who provides compatibility with the Linux ABI.



The Linux kernel system interfaces are implemented in a handler that runs as a process for the Fuchsia operating system. The process works in user space, translating requests from Linux programs into calls to the corresponding subsystems of the OS. During the development of this project, many subsystems will have to be modified so that all the necessary system interfaces are available to users.



The architecture of the "layer", according to the developers, strongly resembles a similar subsystem for Windows, which is called Windows Subsystem for Linux. It is also used to translate Linux system calls to Windows system calls.



The interlayer code will be written in Rust to mitigate vulnerability issues. The developers believe that this programming language will help minimize the risk of vulnerabilities that can be exploited to elevate the privileges of a Linux process to the starnix process itself. For this, the standard Fuchsia protection mechanisms will also be used.



Example: When accessing the file system, network stack or graphics subsystem, starnix will translate requests, converting the Linux ABI to the Fuchsia System ABI. This, in turn, will allow for the same restrictions that are used for normal processes in Fuchsia. The standard Linux authorization mechanisms will also be used.





It is worth noting that the OS developers have developed the ability to run Linux applications under Fuchsia earlier. But they used an implementation that is similar to the one used in Chrome OS. In general, you can understand them, because Fuchsia is a kind of pet-project of Google. Previously, for compatibility with Linux, it was proposed to use the Machina library, which runs Linux software in a special virtual machine, which is formed through a hypervisor based on the Zircon kernel and VirtIO specifications.



As far as you can tell, virtualization will be used in parallel in Fuchsia, since it is not so easy to implement the Linux system interface. Most likely, virtualization will be used in conjunction with the "layer". In this case, the Linux kernel will run in a separate virtual machine, which is not bad, but requires resources. It is due to the resource intensity that the Microsoft team that worked on Windows Subsystem for Linux dropped the translator and used the native Linux kernel in WSL 2.



By the way, the developers of Fuchsia also eat their bread for a reason - the OS already provides the POSIX Lite compatibility level, which works on top of the Fuchsia System ABI. All this allows you to run a number of Linux programs, but you need to recompile the applications or even modify the source code. One problem with POSIX Lite is the incomplete implementation of all POSIX features.



The main problem here is the lack of support for calls to change the global state of processes, including kill. Accordingly, if there is a discrepancy with the safety concepts in Fuchsia, then changing the global state is prohibited. However, using the lite version of POSIX pays off when porting open source applications. True, there is a problem with running programs that do not have access to the code.



As for Fuchsia, it is a universal OS: where exactly it will be used is still unknown. However, it is compatible with almost any type of device, including workstations, smartphones, IoT devices, and consumer electronics. Development is carried out taking into account the experience of creating an Android platform and shortcomings in the field of scaling and security.



The basis of the new operating system is the Zircon microkernel, which, in turn, is based on the developments of the LK project.





The project has been relatively active for several years, with suggestions published on the network that Google is developing it as an alternative to Android. All this time, the OS continued to evolve. For example, in 2017 it was reported that the OS received a new user interface, command line capabilities, and several more features. In 2018, Google released a new version of its OS, which could already be tested.



Fuchsia has its own GUI which is written in Dart using the flutter framework.



In addition, the project develops:



  • framework for building user interfaces Peridot;
  • Fargo package manager;
  • standard library libc;
  • rendering system Escher;
  • Vulkan driver Magma;
  • Scenic composite manager;
  • file systems MinFS, MemFS, ThinFS (FAT in Go language) and Blobfs
  • FVM partition manager.


For application development, support for C / C ++, Dart is provided, Rust is also allowed in system components, Go is allowed in the network stack, and Python is used in the language assembly system.





The system manager is used for loading, which works with appmgr to create the initial software environment. Sysmgr and basemgr are used to form the boot environment and user environment, respectively.



To protect the system, a "sandbox" is used, which does not give new processes access to kernel objects, moreover, no memory is allocated for them and no code is run. Accessing resources is handled by a namespace system that defines the permissions available. The sandbox uses a framework to create custom components that can interact with other components through IPC.






All Articles