Many contemporary operating systems utilize a system call interface between the operating systems and its clients. Increasing numbers of systems are providing low-level mechanisms for interception and handling system calls in user code. Nonetheless, they typically provide no higher-level tools or abstractions for effectively utilizing these mechanisms. Using them has typically required reimplementation of a substantial portion of the system interface from scratch, making the use of such facilities unwieldy at best.
I am currently constructing an object-oriented toolkit which substantially increase the ease of interposing user code between clients and instances of the system interface by allowing such code to be written in terms of the high-level objects provided by this interface, rather than in terms of the intercepted system calls themselves. This toolkit helps enable new interposition agents to be written which otherwise would not have been attempted.
I am also currently using the toolkit to construct several agents including: protected environments for running untrusted binaries, modified filesystems namespaces, logical devices implemented entirely in user space, transparent network data compression, and/or encryption agents, and system call tracing tools. Examples of other interesting agents which could be built include: transactional software environments, and emulators for other operating system environments.
Having the flexibility to simultaneously support several variant sets of system services may be particularly useful in a workstation environment: a diversity of software which expects different operating system environments can be supported on a single operating base. Even just the ability to provide multiple configurable views of the filesystem namespace provides a flexibility not found in traditional operating systems.