How sandboxing works in Fuchsia

243 points by btrask, almost 8 years ago

11 comments

negus, almost 8 years ago
"dev, gn, /svc, /pkg, PA_VMAR_ROOT" Hate this old Unix approach to name shortening, which makes them unreadable and non-intuitive. If they break compatibility anyway, they could name things in a way that people can read like a book.
naasking, almost 8 years ago
Except you can't sandbox or virtualize the clock because mx_time_get() doesn't require a handle, which makes timing attacks easier.

You also can't sandbox event and channel creation for the same reason. It looks like these can also DoS the kernel. In general, any operation you can perform without a handle tends to be subject to DoS and you can't virtualize it. They're also subject to a different access control policy than the rest of the system which is based around handles.

And it's not really necessary. Just reserve the first few handles in a process table for a clock handle, a channel constructor/factory handle and an event constructor/factory handle, and now these operations can be fully virtualized and they aren't subject to DoS because they can be rate-limited or at least traced back to specific handles which can be revoked.

Without tracing every operation to a handle, you have to pollute your model with more infrastructure to track this information, as with channels and events in Fuchsia.

[1] https://fuchsia.googlesource.com/magenta/+/master/docs/concepts.md
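The reserved-handle design proposed in the comment above, sketched as an added toy model in C. It is not part of the thread and not Fuchsia/Magenta code; every type, function and constant name is hypothetical, and the sample values are constructed.

```c
#include <stdint.h>
#include <stddef.h>

/* Toy model only: all names are hypothetical, none are Zircon/Magenta APIs. */
enum obj_type { OBJ_NONE, OBJ_CLOCK, OBJ_CHANNEL_FACTORY };
enum { H_CLOCK = 0, H_CHANNEL_FACTORY = 1, TABLE_SIZE = 2 }; /* reserved slots */
enum { ERR_NONE = 0, ERR_BAD_HANDLE = -1, ERR_NO_RESOURCES = -2 };

struct handle {
    enum obj_type type;
    int revoked;           /* set by whoever granted the handle */
    uint64_t granularity;  /* clock: reads are rounded down to this many ns */
    uint32_t quota;        /* factory: channels this handle may still create */
};
struct process { struct handle table[TABLE_SIZE]; uint32_t channels; };

/* The parent decides what clock resolution and channel budget a child gets. */
struct process sandboxed_process(uint64_t granularity_ns, uint32_t quota) {
    struct process p = { { { OBJ_CLOCK, 0, granularity_ns, 0 },
                           { OBJ_CHANNEL_FACTORY, 0, 0, quota } }, 0 };
    return p;
}

static struct handle *lookup(struct process *p, size_t h, enum obj_type want) {
    if (h >= TABLE_SIZE) return NULL;
    struct handle *e = &p->table[h];
    return (e->type == want && !e->revoked) ? e : NULL;
}

/* Clock reads name a handle, so they can be coarsened (virtualized) or revoked. */
int time_get(struct process *p, size_t h, uint64_t real_ns, uint64_t *out) {
    struct handle *e = lookup(p, h, OBJ_CLOCK);
    if (!e) return ERR_BAD_HANDLE;
    *out = e->granularity ? real_ns - real_ns % e->granularity : real_ns;
    return ERR_NONE;
}

/* Channel creation is charged to the handle that authorised it. */
int channel_create(struct process *p, size_t h) {
    struct handle *e = lookup(p, h, OBJ_CHANNEL_FACTORY);
    if (!e) return ERR_BAD_HANDLE;
    if (e->quota == 0) return ERR_NO_RESOURCES;
    e->quota--; p->channels++;
    return ERR_NONE;
}
int main(void) {
    struct process p = sandboxed_process(1000000, 2); /* constructed values */
    return channel_create(&p, H_CHANNEL_FACTORY);     /* within quota */
}
```

Because both operations resolve a handle first, a supervisor can hand a child a millisecond-granularity clock and a two-channel budget, then revoke either without touching a global policy.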
bitmapbrother, almost 8 years ago
Here are a couple of YouTube videos showing the early stages of the Fuchsia UI:

https://www.youtube.com/watch?v=MPhQ-8fXft8

https://www.youtube.com/watch?v=Vu0VGj5xf60
legulere, almost 8 years ago
How to request capabilities at run time?

Android has shown that the approach of asking for a list of capabilities while installing does not work for user-facing applications. Apps will grab as many capabilities as possible and users will blindly accept the long list without reading.
pjjhdog, almost 8 years ago
So I'm not clear what the purpose of Fuchsia is. I understand it's an OS which may replace Android or ChromeOS, but why the move away from Linux-based systems? Both are open source platforms.
throw2016, almost 8 years ago
Android for all practical purposes is as good as a closed ecosystem with apps tied to closed source Google services and the inability to run Linux on your Android phones. This kind of lip service and self-serving tiptoeing around the spirit of open source in many ways does more harm to open source than closed source.

How is it that device drivers that work on Android perfectly are not available for use on Linux? What purpose does this kind of 'open source' then serve?

Between Arm, its licensees and Google the ball is kicked around with open source devs struggling for years to make things work. Yet the narrative is this is no one's fault, least of all Google and Arm, the 2 most powerful forces in the Android ecosystem.

Google, the planet's largest spyware and adware company, is now making its own kernel. More power to them, but given their track record, healthy skepticism of their objectives and agenda is called for.
gigatexal, almost 8 years ago
My take is that Fuchsia is Google's attempt to unify their mobile ecosystem under one proprietary OS like Apple does with iOS (yes, yes I hear you, "But Darwin is OSS..." try making that into iOS though...): which is a good move for Google.
DonbunEf7, almost 8 years ago
If you're going to have capability-based security, please be louder and prouder about it.
mtgx, almost 8 years ago
Too bad Fuchsia isn't also written in Rust.
czeidler, almost 8 years ago
Sounds like Genode: http://genode.org/documentation/general-overview/index
omarforgotpwd, almost 8 years ago
Sounds kind of like the rebirth of Plan 9