[iangudger]

> That obviously doesn't work for a linux-on-fuschia compat layer.

This isn’t actually true. gVisor contains full implementations of Linux syscalls and only relies on host syscalls being the same for some interoperability features between sandboxed and host applications. It would be completely possible to port gVisor to a non-Linux operating system.

[uluyol]

Right, it would be silly to intercept the syscalls and just pass them on as is to the host kernel. If you just want to validate/filter things for security reasons, there are existing Linux APIs for that.