
Draft: Get WSL working from service

June requested to merge wsl-refactor into main

This is an attempt to get WSL working while having RKM run as the SYSTEM user, as outlined in #9. Resolves #9. Resolves #10.

This is currently blocked by an issue where the store version of wsl.exe can't be used if running from session 0. Unfortunately this is a bug that has been in the store release forever, and there's no ETA on an actual fix: https://learn.microsoft.com/en-us/windows/wsl/store-release-notes

My thoughts here are that this is caused by the extra sandboxing and permission jank that comes with installing a store app (basically C:\Program Files\WindowsApps has such restrictive permissions that it's really awkward to use). If we unpack the .msixbundle and .msix files (they're just ZIPs), can we manually register the required components on the system with the permissions we need to make this work?

The stuff that looks relevant is the AppxManifest.xml file, which contains this content:


    <!-- NOTE(review): the "wsl" application entry. Besides the wsl.exe executable it declares a
         packaged service, execution aliases, an app extension, COM servers and a COM
         interface/proxy-stub pair. Each is a separate registration that a manual install
         would have to recreate. -->
    <Application Id="wsl" Executable="wsl.exe" EntryPoint="Windows.FullTrustApplication" uap10:Parameters="--cd ~">
      <uap:VisualElements DisplayName="ms-resource:AppName" Description="ms-resource:AppDescription" BackgroundColor="transparent" Square150x150Logo="Images\Square150x150Logo.png" Square44x44Logo="Images\Square44x44Logo.png">
        <uap:DefaultTile Wide310x150Logo="Images\Wide310x150Logo.png" ShortName="ms-resource:AppShortName" Square71x71Logo="Images\SmallTile.png" Square310x310Logo="Images\LargeTile.png"/>
        <uap:SplashScreen Image="Images\SplashScreen.png"/>
      </uap:VisualElements>
      <Extensions>
        <!-- NOTE(review): WslService is declared to start automatically under the localSystem
             account. If wslservice.exe is registered from an unpacked copy instead, the directory
             holding it should be writable only by administrators and SYSTEM; a service binary
             that a standard user can replace runs that user's code as SYSTEM. -->
        <desktop6:Extension Category="windows.service" Executable="wslservice.exe" EntryPoint="main">
          <desktop6:Service Name="WslService" StartupType="auto" StartAccount="localSystem">
          </desktop6:Service>
        </desktop6:Extension>
        <!-- Execution aliases: bash.exe, wsl.exe and wslconfig.exe all resolve to wsl.exe. -->
        <uap3:Extension Category="windows.appExecutionAlias" Executable="wsl.exe" EntryPoint="Windows.FullTrustApplication">
          <uap3:AppExecutionAlias>
            <desktop:ExecutionAlias Alias="bash.exe"/>
            <desktop:ExecutionAlias Alias="wsl.exe"/>
            <desktop:ExecutionAlias Alias="wslconfig.exe"/>
          </uap3:AppExecutionAlias>
        </uap3:Extension>
        <!-- App extension "Wsl-EntryPoint". Its Clsid is the same value as the WslSupport class
             declared under the wslhost application further down in this manifest. -->
        <uap3:Extension Category="windows.appExtension">
            <uap3:AppExtension Name="com.microsoft.windows.wsl" Id="Wsl-EntryPoint" DisplayName="WSL entry point" Description="Entry point for the Windows Subsystem for Linux" PublicFolder="Public">
                <uap3:Properties>
                    <Clsid>{a9b7a1b9-0671-405c-95f1-e0612cb4ce7e}</Clsid>
                    <EntryPoint>wsl.exe</EntryPoint>
                </uap3:Properties>
            </uap3:AppExtension>
        </uap3:Extension>
        <com2:Extension Category="windows.comServer">
          <com2:ComServer>
            <!-- NOTE(review): the LxssUserSession class is served by WslService, and
                 LaunchAndActivationPermission is an SDDL string. Owner and group are SY (Local
                 System). The DACL has allow ACEs for WD (Everyone), RC (restricted code),
                 AC (all application packages) and AN (anonymous logon). The SACL carries a
                 mandatory label ACE with NX (no-execute-up) at S-1-16-0 (untrusted integrity level).
                 The access mask "11" is presumably decimal, i.e. local execute and local
                 activate COM rights; confirm before copying it into a hand-written registration.
                 A manual registration that omits or widens this descriptor changes who may
                 activate a SYSTEM-hosted COM class. -->
            <com3:ServiceServer ServiceName="WslService" LaunchAndActivationPermission="O:SYG:SYD:(A;;11;;;WD)(A;;11;;;RC)(A;;11;;;AC)(A;;11;;;AN)S:P(ML;;NX;;;S-1-16-0)">
              <com3:Class Id="f122531f-326b-4514-85ae-dc99d31d8256" DisplayName="LxssUserSession"/>
            </com3:ServiceServer>
            <!-- Two surrogate-hosted classes, each with its own AppId; both load
                 wsldevicehost.dll with ThreadingModel "Both". -->
            <com:SurrogateServer DisplayName="WslDeviceHost_VirtioFs" AppId="72075277-282A-420A-8C25-62BFCB94C71E">
              
              <com:Class Id="60285AE6-AAF3-4456-B444-A6C2D0DEDA38" Path="wsldevicehost.dll" ThreadingModel="Both"/>
            </com:SurrogateServer>
            <com:SurrogateServer DisplayName="WslDeviceHost_VirtioPmem" AppId="5197C949-B19B-4CFA-878B-BE9B47992905">
              
              <com:Class Id="1D5CE30F-C0EF-4182-83BA-196F9DE07BB9" Path="wsldevicehost.dll" ThreadingModel="Both"/>
            </com:SurrogateServer>
          </com2:ComServer>
        </com2:Extension>
        <!-- Interface 50047071... names proxy/stub class 9939e9a8..., which is implemented in
             WslServiceProxyStub.dll. -->
        <com2:Extension Category="windows.comInterface">
          <com2:ComInterface>
            <com:Interface Id="50047071-122c-4cad-9c93-94720eb77b06" ProxyStubClsid="9939e9a8-6c85-450e-9676-26fea1b49d24"/>
            <com:ProxyStub Id="9939e9a8-6c85-450e-9676-26fea1b49d24" Path="WslServiceProxyStub.dll"/>
          </com2:ComInterface>
        </com2:Extension>
      </Extensions>
    </Application>
    <!-- NOTE(review): wslg.exe (described as the graphical application host process) has
         AppListEntry "none" and a single execution alias. This excerpt declares no service
         or COM registration for it. -->
    <Application Id="wslg" Executable="wslg.exe" EntryPoint="Windows.FullTrustApplication">
      <uap:VisualElements DisplayName="wslg.exe" Description="Windows Subsystem for Linux Graphical Application Host Process" BackgroundColor="transparent" Square150x150Logo="Images\Square150x150Logo.png" Square44x44Logo="Images\Square44x44Logo.png" AppListEntry="none">
      </uap:VisualElements>
      <Extensions>
        <uap3:Extension Category="windows.appExecutionAlias" Executable="wslg.exe" EntryPoint="Windows.FullTrustApplication">
          <uap3:AppExecutionAlias>
            <desktop:ExecutionAlias Alias="wslg.exe"/>
          </uap3:AppExecutionAlias>
        </uap3:Extension>
      </Extensions>
    </Application>
    <!-- NOTE(review): wslhost.exe is declared as an out-of-process COM server (ExeServer) for
         two classes: WslSupport, and a toast activator started with the -ToastActivated
         argument. Unlike the ServiceServer entry under the "wsl" application, neither ExeServer
         element carries a LaunchAndActivationPermission attribute in this excerpt; what
         permissions apply to them is not visible here and should be checked before registering
         them by hand. -->
    <Application Id="wslhost" Executable="wslhost.exe" EntryPoint="Windows.FullTrustApplication">
      <uap:VisualElements DisplayName="wslhost.exe" Description="Windows Subsystem for Linux Host Process" BackgroundColor="transparent" Square150x150Logo="Images\Square150x150Logo.png" Square44x44Logo="Images\Square44x44Logo.png" AppListEntry="none">
      </uap:VisualElements>
      <Extensions>
        <com2:Extension Category="windows.comServer">
          <com2:ComServer>
            <!-- Same class id as the Clsid property of the Wsl-EntryPoint app extension. -->
            <com:ExeServer Executable="wslhost.exe">
              <com:Class Id="a9b7a1b9-0671-405c-95f1-e0612cb4ce7e" DisplayName="WslSupport"/>
            </com:ExeServer>
            <com:ExeServer Executable="wslhost.exe" Arguments="-ToastActivated" DisplayName="Toast activator">
              <com:Class Id="c8f673a8-4bab-420e-94e3-bfdb19740697" DisplayName="Toast activator"/>
            </com:ExeServer>
          </com2:ComServer>
        </com2:Extension>
        
        <!-- Toast notification activation points at the toast activator class declared above. -->
        <desktop:Extension Category="windows.toastNotificationActivation">
          <desktop:ToastNotificationActivation ToastActivatorCLSID="c8f673a8-4bab-420e-94e3-bfdb19740697"/> 
        </desktop:Extension>
      </Extensions>
    </Application>
    <!-- NOTE(review): msrdc.exe (described as the Microsoft Remote Desktop Client) is hidden
         from the app list and gets only an execution alias. This excerpt declares no service
         or COM registration for it. -->
    <Application Id="msrdc" Executable="msrdc.exe" EntryPoint="Windows.FullTrustApplication">
      <uap:VisualElements DisplayName="msrdc.exe" Description="Microsoft Remote Desktop Client" BackgroundColor="transparent" Square150x150Logo="Images\Square150x150Logo.png" Square44x44Logo="Images\Square44x44Logo.png" AppListEntry="none">
      </uap:VisualElements>
      <Extensions>
        <uap3:Extension Category="windows.appExecutionAlias" Executable="msrdc.exe" EntryPoint="Windows.FullTrustApplication">
          <uap3:AppExecutionAlias>
            <desktop:ExecutionAlias Alias="msrdc.exe"/>
          </uap3:AppExecutionAlias>
        </uap3:Extension>
      </Extensions>
    </Application>

Of note, it looks like we need to:

  • Register a Windows service
  • Register some COM servers
  • Register some COM interfaces

and that's about it. If we can do all of that manually and have WSL itself isolated, then I think there's a good chance of this working.
