Hi, Miki. This sounds like a new project to me.
To see the system interfaces SM uses, a dumb trick you can do is search the
codebase for XP_WIN, which is usually present in places where we have
It's not that bad. Still, naively, I would consider designing this
differently, to avoid having to implement an operating system. Suppose you
use a stripped-down Linux as your OS, or use containers instead of KVM.
Then all of the above #ifdefs and mmap calls will Just Work.
And, you'll still have plenty of work to do, assuming your sandboxed JS VMs
need to communicate with the more-privileged host process. We have that
need inside Firefox, where untrusted, sandboxed web site processes need to
send messages, sometimes containing arbitrary JS data, to a parent process
that has access to all the user data. We use StructuredClone.h <
for serialization, and the code in dom/ipc for comm <
>; you can implement
something simpler, but it is nontrivial.