
Noah: Bash on Ubuntu on macOS - prabirshrestha
https://github.com/linux-noah/noah
======
oautholaf
This runs linux binaries on darwin. You know what would be awesome? Running
darwin binaries on linux so I can do iOS development without a Mac.

~~~
peatmoss
Binary compatibility is one path, but another path is source / API
compatibility. That’s been more or less a dream for a long while, with a
fairly far along implementation:

[https://en.wikipedia.org/wiki/GNUstep](https://en.wikipedia.org/wiki/GNUstep)

But for whatever reason, it’s not really caught on. Even Mono managed to chase
C# / .Net more impactfully than GNUStep has chased Cocoa.

Had GNUStep ever become more widely used amongst the Free *nixen, I feel like
we could have had a credible, open alternative path to macOS/iOS (not to
mention Linux) development.

~~~
jacobush
ElementaryOS with Gnustep beneath is my daydream.

------
jbergknoff
I wonder if this could be used to get Docker running on a Mac without painful
file system performance (a la Docker for Mac, running Linux in a VM). Could
something like this project work for that? Are there Darwin equivalents for
container stuff like namespaces?

~~~
justincormack
Maybe it could work. The Mac is odd though in not having bind mounts so it is
not going to be easy to fix the filesystem performance using this. Would use
less memory though potentially. Maybe you could fake binds in the emulation
layer.

(I work at Docker and used to work on Docker for Mac).

------
macintux
I think there’s an English as a second language problem with the title.

As oautholaf points out, this is a subsystem that runs Linux binaries under
Darwin, not a subsystem for Darwin compatibility under Linux.

~~~
kentonv
It's presumably modeled after:
[https://en.wikipedia.org/wiki/Windows_Subsystem_for_Linux](https://en.wikipedia.org/wiki/Windows_Subsystem_for_Linux)

~~~
msla
It's wrong because of where the "Subsystem" is, and because you start parsing
the sentence with that word.

OK, it's a "Subsystem", which is a subset of a system. What kind of subsystem?
A Windows subsystem! This part of the system does Windows... and you're
already wrong. The Windows part isn't what the subsystem _does_ , it's what
the subsystem is _a subset of_. The subsystem _does_ Linux and it's _part of_
Windows. Saying it's a Windows Subsystem for Linux implies it's something like
WINE, only moved into the kernel, if you're old enough to remember the
"personalities" concept.

~~~
mehrdadn
An alternative explanation for anyone who's still confused: it's one of
Windows's potentially many subsystems -- i.e., it's Windows's _Linux_
Subsystem -- and hence it's the _Linux_ Subsystem for Windows, not the Windows
Subsystem for Linux.

That said, I think their interpretation was likely different: it's the
=Windows subsystem that is _meant for_ Linux, kind of like how earlier they
had SUA, the (Windows) Subsystem (meant) for Unix-based Applications.

------
geofft
I've been wondering if something like this could be done, but using actual
syscalls - tagging processes as Linux or Darwin and dispatching syscalls
differently, as with Linux personalities or (AIUI) Solaris branded zones -
instead of with a hypervisor. I think you could do this with a kernel module
that hooked the syscall entry point, assuming SIP lets you do such a thing.
I'm surprised they used a VMM, but I guess it's not that hard to implement via
Hypervisor.framework.

Maybe there's no significant overhead to a VMM if it's hardware-accelerated?

~~~
saagarjha
With SIP enabled you are still free to load arbitrary “signed with an Apple-
approved signature” kernel extensions, so I don’t see why your technique
wouldn’t be possible. You’re natively executing most of the code and
intercepting syscalls either way, so I doubt there would be much of a
difference in performance. I haven’t done anything serious with noah but it’s
been relatively performant.

------
nzoschke
Very cool.

I found this presentation by the authors of Noah that explains more about how
it works:

[https://events.static.linuxfound.org/sites/events/files/slid...](https://events.static.linuxfound.org/sites/events/files/slides/Noah%20Hypervisor-
Based%20Darwin%20Subsystem%20for%20Linux.pdf)

------
xucheng
I wonder can this be used as a replacement to XQuartz? Especially, if what I
only need is for ssh X11 forwarding.

BTW, XQuartz seems to be dead now.

~~~
bitwize
That's for two reasons:

1) Mac users are persnickety about UI and cannot suffer to use the standard
tatty UI that prevails in the Linux desktop world.

2) X in general is moribund, as everyone knows Wayland is the future. What's
really needed now is a Wayland compositor that can render to Quartz.

Anyway, XQuartz doesn't give you the capability to run Linux binaries -- only
to run software commonly available under Linux that's been source-compiled to
macOS. Noah allows you to run a full Linux binary distribution under macOS
without virtualization.

~~~
xucheng
The only use case of XQuartz for me is the ability to ssh into a Linux server
with X11 forward so I can remotely control the GUI app running in the server.
That’s why I ask whether Noah would be good replacement for such purpose.

I agree with you that Mac users are persnickety about UI. In fact, one of my
complaints on XQuartz is the lack of retina support. As for wayland, as far as
I understand, it does not support network forwarding (yet?)

~~~
bitwize
> As for wayland, as far as I understand, it does not support network
> forwarding (yet?)

Indeed, because Nobody Uses That.

------
Wowfunhappy
How well does this work in practice? What is compatibility like? I assume most
GUI apps don't run?

~~~
saagarjha
I have used this successfully to demo throwing shellcode at vulnerable
(command-line) binaries and getting a shell when I’m too lazy to fire up a VM,
and it does a pretty good job of this. Unfortunately ptrace isn’t supported,
or I’d ditch the VM entirely and be able to use a debugger when writing and
testing exploits in addition to just demonstrating them.

------
heyjudy
Why not just use a proper hypervisor? Emulation is fragile, imperfect and not
a good use of time.

~~~
0xcde4c3db
I assume that by "proper hypervisor", you mean a hypervisor that runs a full
kernel. This project does use a hypervisor, but apparently only to set up
memory mapping and trap the syscalls for translation. Hypervisors that run a
full kernel typically end up emulating hardware host interfaces, which leads
to its own set of challenges and often introduces overhead that isn't present
when emulating at the kernel ABI level (e.g. operations going through both the
guest and host VFS/FS/SCSI stacks). I don't think it's obvious that one
approach is clearly superior to the other overall.

