[krylon]

Yes. That is part of the idea. So the vulnerability is isolated and does not automatically compromise the entire system.

[aceofspad3s]

Who cares? In consumer devices, userspace is the entire system.

[greenhouse_gas]

Well, not in i.e Android.

For example, I have an app that has a vulnerability (let's say my alarm app accidentally runs unauthorized code). What can it do? Nothing. It can't read from my banking app, it can't get my SSH keys, it may not even be able to read from my SD card.

But what happens when my Linux kernel is also compromised? Any app can get root.

[lobster_johnson]

It's not just one userspace. Fuchsia is capabilities-oriented, when apps are sandboxed by default and only get access to the services it has been granted access to.