In Genode, it would be very useful to be able to isolate libraries into their own child processes, greatly reducing the scope of possible security holes. I want to write a generic method for doing this simply, efficiently, and transparently. Can you assess my ideas and/or give me other ideas?
For method calls, one option would be to generate an RPC interface for each library. This seems doable, but methods involving pointers to large amounts of data may be an issue. I could wrap pointers in buffers, but dynamic argument sizes and limits on RPC argument sizes could be an issue.
I could maybe use a packet stream. This would fix some issues and would remove the need for an individual RPC interface for each library; however, the packet stream might need to be fairly large.
I might be able to use the RPC idea above, but wrap each pointer in a dataspace. Is this possible? And is it efficient?
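As an added illustration of the "wrap each pointer in a dataspace" idea (example code, not from the post above and not Genode's own API): a portable model of the client/server split. Genode's RAM dataspace and RPC message buffer are stood in for by plain C++ types so that it compiles without Genode headers; the names `Shared_buffer`, `Rpc_arg`, `RPC_INLINE_LIMIT` and `count_byte_via_rpc` are hypothetical. The point it makes is that once a pointer becomes an (offset, length) pair into shared memory, those two fields are client-controlled input and the library side must bounds-check them before touching the dataspace.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <limits>
#include <optional>
#include <vector>

// Stand-in (hypothetical) for a Genode RAM dataspace attached by both sides.
struct Shared_buffer {
    std::vector<uint8_t> bytes;
    explicit Shared_buffer(size_t size) : bytes(size, 0) {}
    size_t size() const { return bytes.size(); }
};

// Hypothetical limit on how many bytes the RPC message carries inline.
constexpr size_t RPC_INLINE_LIMIT = 256;

// One marshalled pointer argument: small payloads travel inline, large ones
// as an (offset, length) pair referring into the shared dataspace.
struct Rpc_arg {
    bool                 in_dataspace = false;
    std::vector<uint8_t> inline_bytes;
    size_t               offset = 0;
    size_t               length = 0;
};

// Client side: wrap a pointer/length pair for transport. 'cursor' is the
// next free byte in the dataspace (bump allocation, for simplicity).
// Returns std::nullopt when the payload does not fit in the dataspace.
std::optional<Rpc_arg> marshal(const uint8_t *p, size_t len,
                               Shared_buffer &ds, size_t &cursor)
{
    Rpc_arg a;
    if (len <= RPC_INLINE_LIMIT) {
        a.inline_bytes.assign(p, p + len);
        return a;
    }
    if (len > ds.size() - cursor)            // would overrun the dataspace
        return std::nullopt;
    std::memcpy(ds.bytes.data() + cursor, p, len);
    a.in_dataspace = true;
    a.offset = cursor;
    a.length = len;
    cursor += len;
    return a;
}

// Server side: validate (offset, length) before reading the dataspace.
// Both fields come from the client, so they are untrusted here; the check
// is written so that offset + length cannot overflow.
std::optional<std::vector<uint8_t>> unmarshal(const Rpc_arg &a,
                                              const Shared_buffer &ds)
{
    if (!a.in_dataspace)
        return a.inline_bytes;
    if (a.offset > ds.size() || a.length > ds.size() - a.offset)
        return std::nullopt;
    const uint8_t *start = ds.bytes.data() + a.offset;
    return std::vector<uint8_t>(start, start + a.length);
}

// Toy "library function" on the server side: count bytes equal to 'needle'.
// Returns -1 when the argument fails validation.
long count_byte_via_rpc(const Rpc_arg &a, const Shared_buffer &ds, uint8_t needle)
{
    auto data = unmarshal(a, ds);
    if (!data) return -1;
    long n = 0;
    for (uint8_t b : *data) if (b == needle) ++n;
    return n;
}

// Stand-alone demo: a 4 KiB dataspace, one small and one large argument.
int main()
{
    Shared_buffer ds(4096);
    size_t cursor = 0;
    std::vector<uint8_t> small(10, 'x'), large(1000, 'y');
    auto a1 = marshal(small.data(), small.size(), ds, cursor);
    auto a2 = marshal(large.data(), large.size(), ds, cursor);
    return (a1 && a2 && count_byte_via_rpc(*a1, ds, 'x') == 10
                     && count_byte_via_rpc(*a2, ds, 'y') == 1000) ? 0 : 1;
}
```

The inline-versus-dataspace split is what keeps the RPC message small regardless of argument size; the cost of the dataspace path is one copy in and one copy out, which is the efficiency trade-off the question raises. A real Genode implementation would carry a `Dataspace_capability` in the RPC and attach it on the server side, but the validation step is the same.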