[Isolate-interest] Isolate root jail

Curt Cox ccox@tripos.com
Thu, 16 Sep 2004 09:12:55 -0500


> May I suggest to add a portable root jail to the isolate API?

> The root jail could allow to chroot(2) an isolate and/or run the
> I/O of native subprocesses through a Java SecurityManager, 
> using a user mode filesystem mechanism.

Unless I miss your intent, the most reasonable API seems to be some
mechanism for defining an additional SecurityManager for the isolate
being created.  The SecurityManager for the parent isolate would
be applied first, so that an isolate can't create another with
more privileges than it has.

This does bring up the subjects of Runtime.exec() and JNI.
A security manager that allows either of those would allow the
creation of an isolate with arbitrary privileges.  So the
existence of any security restrictions would need to disallow
the use of both in order to actually be enforced.
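The chaining rule described above (parent's manager consulted first, child's second, and exec/JNI refused outright) can be sketched in plain Java. This is an added illustration, not code from the Isolate API, JSR-121, or the poster; `ChainedSecurityManager` and the demo child manager are hypothetical names. It relies only on the stock `java.lang.SecurityManager` hooks `checkPermission`, `checkExec` and `checkLink`, which are what `Runtime.exec()`, `System.loadLibrary()` and `Runtime.load()` call. Note that `System.setSecurityManager` is deprecated in recent JDKs and, from JDK 18 on, needs `-Djava.security.manager=allow` on the command line to work at all.

```java
import java.io.FilePermission;
import java.security.Permission;

/**
 * Added example: a SecurityManager that composes two managers.
 *
 * The parent's manager is asked first, so a child isolate can only
 * narrow what its parent already allows, never widen it. Runtime.exec()
 * and native library loading are refused unconditionally, because
 * either would let the child escape every restriction imposed here.
 */
public class ChainedSecurityManager extends SecurityManager {
    private final SecurityManager parent; // may be null: no manager installed in the parent
    private final SecurityManager child;  // the extra restrictions requested for the new isolate

    public ChainedSecurityManager(SecurityManager parent, SecurityManager child) {
        this.parent = parent;
        this.child = child;
    }

    @Override
    public void checkPermission(Permission perm) {
        if (parent != null) parent.checkPermission(perm); // parent first
        if (child != null) child.checkPermission(perm);   // then the child's narrowing
    }

    @Override
    public void checkPermission(Permission perm, Object context) {
        if (parent != null) parent.checkPermission(perm, context);
        if (child != null) child.checkPermission(perm, context);
    }

    /** Called by Runtime.exec(): a native subprocess is not subject to this manager. */
    @Override
    public void checkExec(String cmd) {
        throw new SecurityException("Runtime.exec() refused in restricted isolate: " + cmd);
    }

    /** Called by System.loadLibrary()/Runtime.load(): JNI code runs outside the manager. */
    @Override
    public void checkLink(String lib) {
        throw new SecurityException("JNI library load refused in restricted isolate: " + lib);
    }

    public static void main(String[] args) {
        // Hypothetical child policy: deny file writes, allow everything else.
        SecurityManager child = new SecurityManager() {
            @Override public void checkPermission(Permission p) {
                if (p instanceof FilePermission && p.getActions().contains("write")) {
                    throw new SecurityException("child isolate may not write files");
                }
            }
            @Override public void checkPermission(Permission p, Object ctx) { checkPermission(p); }
        };

        System.setSecurityManager(new ChainedSecurityManager(System.getSecurityManager(), child));

        try {
            Runtime.getRuntime().exec("true");
            System.out.println("exec allowed (should not happen)");
        } catch (SecurityException | java.io.IOException e) {
            System.out.println("blocked: " + e.getMessage());
        }

        try {
            System.loadLibrary("nonexistent_native_lib");
            System.out.println("loadLibrary allowed (should not happen)");
        } catch (SecurityException | UnsatisfiedLinkError e) {
            System.out.println("blocked: " + e.getMessage());
        }

        try {
            new java.io.FileOutputStream("should_not_exist.txt").close();
            System.out.println("file write allowed (should not happen)");
        } catch (SecurityException | java.io.IOException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

The ordering inside `checkPermission` is the whole point: because the parent's manager runs before the child's, there is no combination of child managers that grants something the parent denies. Overriding `checkExec` and `checkLink` to throw, rather than routing them through `checkPermission`, makes the "no native escape hatch" rule independent of whatever permission set either manager happens to grant.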