by snovv_crash 1119 days ago
In robotics you generally don't want untrusted code anyway. It's much easier for a bad actor to do dangerous behaviour in the real world than to break out of some sandbox. Kind of an analogue-hole situation.

And at that point why bother with an OS? What benefits is an OS providing then anyway? Just deploy with a unikernel.


I don't think that affects the broad-scale usefulness of sandboxes at all. That regurgitates the idea that sandboxes are security measures. That's a naively small use case.

Elsewhere in the threads here is a discussion of Nodelets, which are often used to load & run trusted code on ROS inside of host processes. This is like a janky special homebrew version of a sandbox, which - as other commenters point out - brings a lot of pain. With wasm you can quickly spin up many cheap, fast sub-runtimes and connect them ad nauseam, with the zero-copy benefits & more. http://wiki.ros.org/nodelet

That's really the key. Sandboxes are really about having many (typically different) runtimes in process. Often these will be processes working with processes. As I highlighted already extensively, the benefit is performance & overhead, versus native processes & native IPC. Sandboxes are just a known term for a runtime within the process, for a subprocess.