This is my ideal solution as well. Processes are already fully isolated just like virtual machines or containers. They may only execute during time slices where the kernel schedules them, and can only communicate and access system resources through the system calls the kernel provides them access to.
If processes are insufficiently isolated, it's the system call interface that's broken, not the isolation model.
It seems to me that virtual machines and containers could be implemented on top of the existing process hierarchy by allowing a parent process to intercept and reinterpret its child process' system calls. Simple example: Want to implement chroot? Intercept all open() calls and prepend the root path (taking care to prevent escaping with '../').