
Windows Subsystem for Linux Architectural Overview - jackhammons
https://blogs.msdn.microsoft.com/wsl/2016/04/22/windows-subsystem-for-linux-overview/
======
MichaelGG
The Drawbridge[1] stuff is pretty interesting looking. I really wish MS would
ship a simple sandboxing solution, so I can run arbitrary binaries and
restrict them. The new Metro app stuff is cute, but doesn't help with the
millions of existing binaries. Nor does it seem very user-friendly or useful,
for that matter.

1: [http://research.microsoft.com/en-us/projects/drawbridge/](http://research.microsoft.com/en-us/projects/drawbridge/)

~~~
voltagex_
A UWP sandboxing solution was demoed at Build this year and will ship as part
of the Anniversary Update (SDK?). Apparently even Age of Empires II worked
under it.

~~~
contextfree
Centennial isn't really a sandbox in the sense I think the poster above you
meant - while processes have their reads/writes to certain filesystem/registry
locations virtualized by default, this isn't a security boundary as they
ultimately run at medium trust and can do anything the user can do.

AppContainer is the security sandbox used by modern apps (aka Metro/UWP). It
can be used independently of other aspects of the modern app model - e.g.,
Chrome uses it to sandbox content processes - although this isn't documented
very well (which I guess was what GP was complaining about?) and it seems like
trying to sandbox apps that weren't designed to be sandboxed, as GP was
wanting, would have inherent compatibility problems?

------
chris_wot
This is fascinating :-) I was wondering if they leveraged their environment
subsystem framework - nice to have this confirmed!

A long time ago I wrote the Wikipedia article on the architecture of Windows
NT. It obviously needs an update, but I think it's still quite relevant and
explains in a vastly simplified manner how Windows fits together.

It can be found here:

[https://en.m.wikipedia.org/wiki/Architecture_of_Windows_NT](https://en.m.wikipedia.org/wiki/Architecture_of_Windows_NT)

There is a block diagram that I think is also helpful:

[https://en.m.wikipedia.org/wiki/Architecture_of_Windows_NT#/...](https://en.m.wikipedia.org/wiki/Architecture_of_Windows_NT#/media/File%3AWindows_2000_architecture.svg)

------
CurtHagenlocher
It's interesting that this was enabled by the Drawbridge work. I was somewhat
under the impression that Drawbridge was dead and/or superseded by other
container-related projects. It's often weirdly hard to find out what's going
on with some particular Microsoft project or technology, even for those of us
who are employees. I was pretty excited about Drawbridge ~3 years ago when I
was working with it but it subsequently seemed to have vanished.

~~~
Josteniok
I created an account just to reply to this. You said, "It's often weirdly hard
to find out what's going on with some particular Microsoft project or
technology..." I was just thinking that very thing today. Why is that?

~~~
13of40
It's not as bad as Amazon, apparently. I've known people there who say
everything is compartmentalized. At Microsoft, it's typically only the
bleeding edge stuff they keep secret internally.

~~~
JdeBP
Keeping things secret is only a part of the problem. Corporate utter
forgetfulness of the past is another. Consider the tale related by Stephen
Walli (referenced at
[https://news.ycombinator.com/item?id=11560510](https://news.ycombinator.com/item?id=11560510))
about the Microsoft people who didn't even know that Microsoft had the
SFUA/SUA with Windows NT.

> "I had to explain to the [Windows High Performance Computing team] that they
> already owned the technology they needed, but to no avail. They couldn't get
> their head around the idea."

------
xgbi
I cannot stop thinking that soon they will announce a native implementation of
Docker on top of all that.

~~~
justincormack
They have not implemented namespaces or cgroups in the Linux emulation, so I
doubt it. Docker on Windows will only run Windows binaries.

------
morekozhambu
So, it's kind of LINE for Windows like WINE for Linux.

~~~
jacobush
There is, or was a program called LINE doing just that.

------
superobserver
While this is an interesting technical overview, could anyone give me an idea
of how to reinstall lxrun? The blasted thing doesn't work for me anymore and
there's basically no documentation on how to fix it other than reinstalling
Windows 10. Yes, I've tried lxrun /uninstall /full followed by lxrun /install.

Edit: in fact, I think the problem with my installation has to deal with
Windows' NTFS not natively being capable of understanding the lxss file
attributes...

~~~
tacos
Delete the directory. And don't touch it from the Windows side ... don't copy
anything into it. It's definitely early alpha quality.

~~~
superobserver
By delete, do you mean I can delete %APPDATA%\Local\Lxss from the Windows
side? I don't think that will work, as I've already tried that.

~~~
cremno
Have you stopped lxssmanager?

[https://msdn.microsoft.com/en-us/commandline/wsl/faq#how-do-...](https://msdn.microsoft.com/en-us/commandline/wsl/faq#how-do-i-fully-uninstall-wsl-)

~~~
superobserver
This might actually work. Thanks!

------
zrm
> The primary role of SUA was to encourage applications to get ported to
> Windows without significant rewrites.

Is this a supported use of the Linux subsystem?

Running native Linux apps directly is great if it works but there are going to
be cases where the app would 99% work except for that one thing Linux has and
the Linux subsystem doesn't. Maybe Microsoft doesn't provide a tun/tap driver
so you need to use TAP-Windows.

It would be convenient to be able to change only that without having to worry
about the subtle differences in the Windows version of inet_ntop() and the
call to make a socket non-blocking and that Unicode on Windows is UTF-16
instead of UTF-8 and so on.

~~~
venomsnake
Microsoft are insane about providing compatibility when it suits them. It will
work - if they see a business case for it.

~~~
cududa
I was just thinking after reading this - sure there were some engineering
marvels that enabled this, but for the implementation it was just rote work
with the sheer manpower Microsoft can muster up. That in itself is just really
impressive.

Edit: giving it more thought, a Mozilla engineer recently demo'd an immediate
mode rendering engine that he and one other dev wrote in 9 months, with
feature parity of modern browsers. So either way - big engineering effort or a
couple '10x developers' - pretty impressive.

~~~
mamon
>> big engineering effort or a couple '10x developers' - pretty impressive

Or, being a Mozilla engineer for quite some time, he had enough domain
knowledge to do that.

Or he found a clever way to reuse good parts of Mozilla code with just enough
changes to avoid a copyright infringement lawsuit.

~~~
cyphar
> Or he found a clever way to reuse good parts of Mozilla code with just
> enough changes to avoid a copyright infringement lawsuit.

If he used code from free software he wouldn't be liable for copyright
infringement, because that's the point of free software.

------
netheril96
So `fork` is still expensive?

~~~
viraptor
Does the fork performance really matter these days anymore? I mean comparing
from one side to the speed of loading the app itself, fork is usually super
cheap; on the other comparing to per-process async event handling, it's so
slow pretty much nobody uses it this way for network apps anymore. What's the
use case for a fast fork today?

~~~
poooogles
Redis uses fork to save to disk.

~~~
viraptor
Does fork on Windows actually block parent for a long time, or does it only
delay the child? I thought it was the latter, which shouldn't affect Redis.
(but I may be wrong)

------
Slix
Does this enable running Docker containers of Linux things in Windows? Would
that enable an improvement on Docker's VirtualBox workaround?

------
slmyers
I tried to use bash on my Windows machine... signed up for insider preview
etc.

My machine consistently states a restart will force an update that will allow
me to use bash, but it doesn't happen.

I gave up and went back to my Ubuntu.

~~~
partiallypro
Not to be a dick, but you're probably not doing it correctly. It asks you to
reboot on the spot, for one. When I first tried to do it, I couldn't figure it
out without instruction. It's a fairly long process considering it's just a
simple item. It should be as easy as switching on Hyper-V...but it's not.
Granted it's still in beta.

[http://www.howtogeek.com/249966/how-to-install-and-use-the-l...](http://www.howtogeek.com/249966/how-to-install-and-use-the-linux-bash-shell-on-windows-10/)

