# sysrc linux_enable="YES"
Chapter 12. Linux Binary Compatibility
Table of Contents
12.1. Synopsis
FreeBSD provides optional binary compatibility with Linux®, commonly referred to as Linuxulator, allowing users to install and run unmodified Linux binaries. It is available for the x86 (both 32 and 64 bit) and AArch64 architectures. Some Linux-specific operating system features are not yet supported; this mostly happens with functionality specific to hardware or related to system management, such as cgroups or namespaces.
Before reading this chapter, you should:
Know how to install additional third-party software.
After reading this chapter, you will know:
How to enable Linux binary compatibility on a FreeBSD system.
How to install additional Linux shared libraries.
How to install Linux applications on a FreeBSD system.
The implementation details of Linux compatibility in FreeBSD.
12.2. Configuring Linux Binary Compatibility
By default, linux(4) binary compatibility is not enabled.
To enable the Linux ABI at boot time, execute the following command:
Once enabled, it can be started without rebooting by executing the following command:
# service linux start
This is enough for statically linked Linux binaries to work.
The Linux service will load necessary kernel modules and mount filesystems expected by Linux applications under /compat/linux. They can be started in the same way native FreeBSD binaries can; they behave almost exactly like native processes and can be traced and debugged the usual way.
The current content of /compat/linux can be checked executing the following command:
# ls -l /compat/linux/
The output should be similar to the following:
total 1 dr-xr-xr-x 13 root wheel 512 Apr 11 19:12 dev dr-xr-xr-x 1 root wheel 0 Apr 11 21:03 proc dr-xr-xr-x 1 root wheel 0 Apr 11 21:03 sys
12.3. Linux userlands
Linux software requires more than just an ABI to work. In order to run Linux software a Linux userland must be installed first.
If all that is wanted is to run some software already included in the Ports tree, it can be installed via package manager and pkg(8) will automatically setup the required Linux userland. For example, to install Sublime Text 4, along with all the Linux libraries it depends on, run this command:
|
12.3.1. Rocky Linux Base System from FreeBSD Packages
To install the Rocky Linux 9 userland execute the following command:
# pkg install linux_base-rl9
emulators/linux_base-rl9 will place the base system derived from Rocky Linux 9 into /compat/linux.
After installing the package, the contents of /compat/linux can be verified by running the following command to check that the Rocky Linux userland has been installed:
# ls -l /compat/linux/
The output should be similar to the following:
total 36 drwxr-xr-x 2 root wheel 512 Oct 9 17:28 afs lrwxr-xr-x 1 root wheel 7 May 16 2022 bin -> usr/bin drwxr-xr-x 3 root wheel 512 Oct 9 17:28 dev drwxr-xr-x 24 root wheel 1536 Oct 9 17:28 etc lrwxr-xr-x 1 root wheel 7 May 16 2022 lib -> usr/lib lrwxr-xr-x 1 root wheel 9 May 16 2022 lib64 -> usr/lib64 drwxr-xr-x 2 root wheel 512 Oct 9 17:28 opt drwxr-xr-x 2 root wheel 512 Oct 9 17:28 proc lrwxr-xr-x 1 root wheel 8 Oct 1 03:11 run -> /var/run lrwxr-xr-x 1 root wheel 8 May 16 2022 sbin -> usr/sbin drwxr-xr-x 2 root wheel 512 Oct 9 17:28 srv drwxr-xr-x 2 root wheel 512 Oct 9 17:28 sys drwxr-xr-x 8 root wheel 512 Oct 9 17:28 usr drwxr-xr-x 16 root wheel 512 Oct 9 17:28 var
12.3.2. CentOS Base System from FreeBSD Packages
emulators/linux_base-c7 has been deprecated following the deprecation of the upstream project. This means emulators/linux_base-c7 will not receive security updates. The use of the Rocky Linux Base System is recommended unless 32-bit compatibility is needed. |
To install the CentOS userland execute the following command:
# pkg install linux_base-c7
emulators/linux_base-c7 will place the base system derived from CentOS 7 into /compat/linux.
After installing the package, the contents of /compat/linux can be verified by running the following command to check that the CentOS userland has been installed:
# ls -l /compat/linux/
The output should be similar to the following:
total 30 lrwxr-xr-x 1 root wheel 7 Apr 11 2018 bin -> usr/bin drwxr-xr-x 13 root wheel 512 Apr 11 21:10 dev drwxr-xr-x 25 root wheel 64 Apr 11 21:10 etc lrwxr-xr-x 1 root wheel 7 Apr 11 2018 lib -> usr/lib lrwxr-xr-x 1 root wheel 9 Apr 11 2018 lib64 -> usr/lib64 drwxr-xr-x 2 root wheel 2 Apr 11 21:10 opt dr-xr-xr-x 1 root wheel 0 Apr 11 21:25 proc lrwxr-xr-x 1 root wheel 8 Feb 18 02:10 run -> /var/run lrwxr-xr-x 1 root wheel 8 Apr 11 2018 sbin -> usr/sbin drwxr-xr-x 2 root wheel 2 Apr 11 21:10 srv dr-xr-xr-x 1 root wheel 0 Apr 11 21:25 sys drwxr-xr-x 8 root wheel 9 Apr 11 21:10 usr drwxr-xr-x 16 root wheel 17 Apr 11 21:10 var
12.3.3. Debian / Ubuntu Base System with debootstrap
An alternative way of providing Linux shared libraries is by using sysutils/debootstrap. This has the advantage of providing a full Debian or Ubuntu distribution.
To install debootstrap execute the following command:
# pkg install debootstrap
debootstrap(8) needs linux(4) ABI enabled. Once enabled, execute the following command to install Ubuntu or Debian in /compat/ubuntu:
# debootstrap focal /compat/ubuntu
While it is technically possible to install into /compat/linux instead, it’s discouraged due to possible clashes with CentOS-based packages. Instead, derive the directory name from the distribution or version name, e.g., /compat/ubuntu. |
The output should be similar to the following:
I: Retrieving InRelease I: Checking Release signature I: Valid Release signature (key id F6ECB3762474EDA9D21B7022871920D1991BC93C) I: Retrieving Packages I: Validating Packages I: Resolving dependencies of required packages... I: Resolving dependencies of base packages... I: Checking component main on http://archive.ubuntu.com/ubuntu... [...] I: Configuring console-setup... I: Configuring kbd... I: Configuring ubuntu-minimal... I: Configuring libc-bin... I: Configuring ca-certificates... I: Base system installed successfully.
Then set up mounts in /etc/fstab.
If the contents of the home directory should be shared and to be able to run X11 applications, /home and /tmp should be mounted in the linux compat area using nullfs(5) for loopback. The following example can be added to /etc/fstab: # Device Mountpoint FStype Options Dump Pass# devfs /compat/ubuntu/dev devfs rw,late 0 0 tmpfs /compat/ubuntu/dev/shm tmpfs rw,late,size=1g,mode=1777 0 0 fdescfs /compat/ubuntu/dev/fd fdescfs rw,late,linrdlnk 0 0 linprocfs /compat/ubuntu/proc linprocfs rw,late 0 0 linsysfs /compat/ubuntu/sys linsysfs rw,late 0 0 /tmp /compat/ubuntu/tmp nullfs rw,late 0 0 /home /compat/ubuntu/home nullfs rw,late 0 0 Then execute mount(8):
|
To access the system using chroot(8) execute the following command:
# chroot /compat/ubuntu /bin/bash
Then uname(1) can be executed to check the Linux environment:
# uname -s -r -m
The output should be similar to the following:
Linux 3.17.0 x86_64
Once inside the chroot, the system behaves as in a normal Ubuntu installation. While systemd doesn’t work, the service(8) command works as usual.
To add the package repositories missing from defaults edit the file /compat/ubuntu/etc/apt/sources.list. For amd64 the following example can be used: deb http://archive.ubuntu.com/ubuntu focal main universe restricted multiverse deb http://security.ubuntu.com/ubuntu/ focal-security universe multiverse restricted main deb http://archive.ubuntu.com/ubuntu focal-backports universe multiverse restricted main deb http://archive.ubuntu.com/ubuntu focal-updates universe multiverse restricted main For arm64 this other example can be used: deb http://ports.ubuntu.com/ubuntu-ports bionic main universe restricted multiverse |
12.4. Advanced Topics
Some applications require specific filesystems to be mounted.
This is normally handled by the /etc/rc.d/linux script but can be disabled at boot executing the following command:
sysrc linux_mounts_enable="NO"
Filesystems mounted by the rc script will not work for Linux processes inside chroots or jails; if needed, configure them in /etc/fstab:
devfs /compat/linux/dev devfs rw,late 0 0 tmpfs /compat/linux/dev/shm tmpfs rw,late,size=1g,mode=1777 0 0 fdescfs /compat/linux/dev/fd fdescfs rw,late,linrdlnk 0 0 linprocfs /compat/linux/proc linprocfs rw,late 0 0 linsysfs /compat/linux/sys linsysfs rw,late 0 0
Since the Linux binary compatibility layer has gained support for running both 32- and 64-bit Linux binaries, it is no longer possible to link the emulation functionality statically into a custom kernel.
12.4.1. Installing Additional Libraries Manually
For base system subdirectories created with debootstrap(8), use the instructions above instead. |
If a Linux application complains about missing shared libraries after configuring Linux binary compatibility, determine which shared libraries the Linux binary needs and install them manually.
From a Linux system using the same CPU architecture, ldd
can be used to determine which shared libraries the application needs.
For example, to check which shared libraries linuxdoom
needs, run this command from a Linux system that has Doom installed:
% ldd linuxdoom
The output should be similar to the following:
libXt.so.3 (DLL Jump 3.1) => /usr/X11/lib/libXt.so.3.1.0 libX11.so.3 (DLL Jump 3.1) => /usr/X11/lib/libX11.so.3.1.0 libc.so.4 (DLL Jump 4.5pl26) => /lib/libc.so.4.6.29
Then, copy all the files in the last column of the output from the Linux system into /compat/linux on the FreeBSD system. Once copied, create symbolic links to the names in the first column.
This example will result in the following files on the FreeBSD system:
/compat/linux/usr/X11/lib/libXt.so.3.1.0 /compat/linux/usr/X11/lib/libXt.so.3 -> libXt.so.3.1.0 /compat/linux/usr/X11/lib/libX11.so.3.1.0 /compat/linux/usr/X11/lib/libX11.so.3 -> libX11.so.3.1.0 /compat/linux/lib/libc.so.4.6.29 /compat/linux/lib/libc.so.4 -> libc.so.4.6.29
If a Linux shared library already exists with a matching major revision number to the first column of the ldd
output, it does not need to be copied to the file named in the last column, as the existing library should work.
It is advisable to copy the shared library if it is a newer version, though.
The old one can be removed, as long as the symbolic link points to the new one.
For example, these libraries already exist on the FreeBSD system:
/compat/linux/lib/libc.so.4.6.27 /compat/linux/lib/libc.so.4 -> libc.so.4.6.27
and ldd
indicates that a binary requires a later version:
libc.so.4 (DLL Jump 4.5pl26) -> libc.so.4.6.29
Since the existing library is only one or two versions out of date in the last digit, the program should still work with the slightly older version. However, it is safe to replace the existing libc.so with the newer version:
/compat/linux/lib/libc.so.4.6.29 /compat/linux/lib/libc.so.4 -> libc.so.4.6.29
Generally, one will need to look for the shared libraries that Linux binaries depend on only the first few times that a Linux program is installed on FreeBSD. After a while, there will be a sufficient set of Linux shared libraries on the system to be able to run newly installed Linux binaries without any extra work.
12.4.2. Branding Linux ELF Binaries
The FreeBSD kernel uses several methods to determine if the binary to be executed is a Linux one: it checks the brand in the ELF file header, looks for known ELF interpreter paths and checks ELF notes; finally, by default, unbranded ELF executables are assumed to be Linux anyway.
Should all those methods fail, an attempt to execute the binary might result in error message:
% ./my-linux-elf-binary
The output should be similar to the following:
ELF binary type not known Abort
To help the FreeBSD kernel distinguish between a FreeBSD ELF binary and a Linux binary, use brandelf(1):
% brandelf -t Linux my-linux-elf-binary
12.4.3. Installing a Linux RPM Based Application
To install a Linux RPM-based application, first install the archivers/rpm4 package or port.
Once installed, root
can use this command to install a .rpm:
# cd /compat/linux
# rpm2cpio < /path/to/linux.archive.rpm | cpio -id
If necessary, brandelf
the installed ELF binaries.
Note that this will prevent a clean uninstall.
12.4.4. Configuring the Hostname Resolver
If DNS does not work or this error appears:
resolv+: "bind" is an invalid keyword resolv+: "hosts" is an invalid keyword
configure /compat/linux/etc/host.conf as follows:
order hosts, bind multi on
This specifies that /etc/hosts is searched first and DNS is searched second.
When /compat/linux/etc/host.conf does not exist, Linux applications use /etc/host.conf in the host system but they complain since that file does not exist in FreeBSD.
Remove bind
if a name server is not configured using /etc/resolv.conf.
12.4.5. Miscellaneous
More information on how binary compatibility works with Linux® can be found in the article Linux emulation in FreeBSD.
Last modified on: October 13, 2024 by Fernando Apesteguía