Despite the fact that there is not much news about the Fuchsia OS, the project continues to develop, and very actively. The proof is a message from developers about their plans to implement a mechanism for running unmodified programs that are built for Linux.
To run Linux programs in the user space, it is planned to provide a “Starnix” layer that provides compatibility with the Linux ABI.
In the developed layer, the system interfaces of the Linux kernel are implemented in a handler that runs as a process for the Fuchsia OS, running in user space and translating requests from Linux programs into calls to the corresponding Fuchsia subsystems. It is noted that during the development of the project, many Fuchsia subsystems will have to be modified to implement all the system interfaces available in Linux. The Starnix architecture largely follows the Windows Subsystem for Linux used in Windows to translate Linux system calls into Windows system calls.
The code of the layer will be written in Rust in order to reduce problems with vulnerabilities. The developers believe that this programming language will help minimize the risk of vulnerabilities that can be exploited to raise the privileges of a Linux process to the starnix process itself. Fuchsia’s full-time protection mechanisms will also be used for this purpose.
For instance, when accessing a file system, network stack, or graphics subsystem, Starnix will translate the requests, converting the Linux ABI to the Fuchsia System ABI. This, in turn, will allow you to use the same restrictions that are used for normal processes in Fuchsia. The standard Linux mechanisms for controlling permissions will also be used.
Fuchsia OS and Linux
It is worth noting that the OS developers have developed the ability to run Linux applications under Fuchsia before. But they used an implementation that is similar to what is used in Chrome OS. In general, you can understand them, because Fuchsia is a kind of Google pet project. Previously, for compatibility with Linux, it was proposed to use the Machina library, which runs Linux software in a special virtual machine, which is formed by a hypervisor based on the Zircon kernel and VirtIO specifications.
The use of virtualization is not discounted, since the full implementation of the Linux system interface is a non-trivial task. In addition to the Starnix layer, it is possible to create a mechanism for running Linux executables using the Linux kernel running in a separate virtual machine. This method is noted as the easiest to implement, but also the most resource-intensive. At one time, Microsoft started developing its Linux compatibility layer with a compiler, but eventually switched to using the native Linux kernel in Windows Subsystem for Linux 2.
In addition, Fuchsia already provides a POSIX Lite compatibility layer running on top of the Fuchsia System ABI. POSIX Lite allows you to run some Linux programs, but requires recompilation of the application code, and in some cases, modification of the source code. One of the problems with POSIX Lite is the incomplete implementation of all POSIX features, including calls to change the global state of processes (for example, the kill function), which are at odds with the security concepts in Fuchsia that prohibit changing the global state. The use of POSIX Lite justifies itself in the process of porting open applications, but does not solve the problems with running programs for which there is no access to the code (for example, it is impossible to achieve compatibility with Android applications containing compiled native inserts).
Remember that as part of the Fuchsia project, Google is developing a universal operating system that can run on all types of devices, from workstations and smartphones to embedded and consumer devices. The development is based on the experience of creating the Android platform and takes into account the shortcomings in the field of scaling and security.
We can see that Google may be intending for Fuchsia to support Android apps, without any exceptions, as apps that use the Android NDK to write in C or C++. For sure,in the long run, Starnix should only be used as a temporary measure to allow more widespread use of the Google Fuchsia OS, while waiting for developers to migrate their applications to the new OS. Nearly in any situation, a native Fuchsia app should perform better than a Linux or Android app running through Starnix.
However, Starnix Fuchsia is only at the proposal stage, and a significant amount of work needs to be done to have something like proper Android/Linux compatibility with Fuchsia/Zircon. To avoid the pitfalls of such an enterprise, Google studies the successes and failures of similar projects, such as the original Windows subsystem for Linux (WSL1).