Windows Subsystem for Linux: Process Architecture

Download this episode

Download Video

Download captions

Download Captions


Once we had a better architectural understanding of how the whole Windows Subsystem worked, I thought we should get more into how processes actually run in this new context. It turns out to be way more interesting than I would have otherwise thought thanks to our resident superhero Nick Judge. He dives into a new kind of process called a "PicoProcesses" which are a brand new lightweight, secure process infrastructure coming to Windows 10. I thought this sounded a little scary until Nick explained how these things are governed and fit into the larger functionality that we've come to know as the Windows Subsystem for Linux (which enables Bash on Ubuntu on Windows). Enjoy!





Available formats for this video:

Actual format may change based on video formats available and browser capability.

    The Discussion

    • User profile image
      Jason Fossen

      Great! Even more in depth like this would be nice, e.g., more about which syscalls are (not) supported, when full networking support will be added, if/when network daemons can be run with acceptable performance, support for Server Nano 2016/2018, when to use a Linux VM instead, if/when the Mono .NET Framework will be included by default, etc. Thanks!

    • User profile image

      cool stuff, Seth! Thx for making the several Linux on Windows related vidz. Like Jason I would like to request some more with a bit more technical detail :)

    • User profile image

      Really interesting. Was the research that first led to the Pico process concepts Drawbridge? In what way where was the original NT subsystem concept to support OS/2, posix, not flexible enough to support Linux - could these original subsystems be re-imagined through the Pico Process/Pico Driver model?

    • User profile image

      What are the security boundaries in detail around these new subsystem changes.

      As a security vendor for windows who monitors/controls  windows process execution via IRP_MJ_ACQUIRE_SECTION_FOR_SYNCHRONIZATION or other hooks in kernel mode in NT in general like PsSetCreateProcessNotifyRoutine and variants.

      How  can we control and manage the security boundaries around this new model of processes as a security product ?

      Can we hook the process creation (similar to PsSetCreateProcessNotifyRoutine ) ?


      Thanks for the video.

    • User profile image

      Great for Judge and others who are ready to bring our world in one bar of Linux work along side well as app shares with other divices therefore l wishe channel 9 to keep on campaign  on discovery of new techs for extending uses of application software s,subsoftware in Bridging window and Linux work together so that marketing can take new face.D.T.L

    • User profile image

      This is a very cool, and well-explained intro, to the tech behind Win10's Linux emulation/simulation tech.  Kudos to those who put it together!

      Having more talks like this about how Windows works, under-the-hood, would be awesome.

    • User profile image
      John Doe

      I wish the guy on the left would stop interrupting the guy on the right to ask stupid questions. Seriously, please stop "dumbing down" the Channel 9 content.

    • User profile image

      If processes from different subsystems can't see each other, how can the desktop window manager (as far as I know a Win32 application) see linux processes and render their windows to the desktop?

    • User profile image

      Now what would blow all of our minds is if I could run containers on LXSS :)

    • User profile image
      The The

      Or just run Linux? Wouldn't that be easier? And you get docker (cgroups) natively.

    Comments closed

    Comments have been closed since this content was published more than 30 days ago, but if you'd like to send us feedback you can Contact Us.