I strongly believe that capability based systems like this are the only way out of the security abyss we inhabit, and are also a required step if we ever want to stop losing the war on general purpose computing.
All of that said, I can't see a path forward to using this as a daily driver for myself. I'm not versed enough in C and Linux systems to deal with the complexity. It keeps getting closer, I can feel that happening... one day, for me, I expect it to click, and then I'll be onboard.
We built a thing to enable combining Rust applications together to be hosted on the seL4 microkernel. The developer experience is more akin to that of something like an RTOS where the OS and your applications are built and deployed together. The whole premise of it is decidedly non-POSIX-like. The current point is for assembling software for use-case-specific/appliance computing, not general purpose computing. (https://github.com/auxoncorp/ferros)
In the process we learned a lot about how to interface with the kernel, etc. from the work and associated mailing list of the Genode project. Absolutely could not have done it without them blazing a painful trail previously.
We're looking both for contributors and also actively hiring for a couple of engineering positions for the above and for our mainline product.
Genode and Sculpt actually go a long way towards abstracting away the complexity.
It took serious effort to get to such easy-to-use components and such high-level abstractions of capabilities.
Running a modern web browser perfectly caged with the capabilities it needs (and no more) is quite the feat they achieved. It even has hardware graphics acceleration.
I imagine the hardware can't DMA all over RAM thanks to the IOMMU, and the driver can only talk to its associated hardware.
Past that (textures being visible from the wrong process, GPU memory being reusable without clearing), I have no idea, and I would love to learn more about it.
As long as acceleration is not involved, nitpicker does an excellent job of isolating applications that are "sharing the desktop", and preventing many dark patterns. AIUI it predates Genode, but people who were involved in it from its earlier times are now part of Genode.