How to run a C++ program inside another C++ program?

Question

I will sketch the scenario I would like to get working below.

I have one main application. That application, based on user interactions, can load other applications inside a secure environment/shell. This means these child applications cannot interact with the OS anymore, nor with each other.

The parent program can at any time call functions of these child programs. The child program can at any time call functions of these parent programs.

Does anyone know how to implement this in C++? Preferably both parent and child should be written in C++.

The performance of loading the child applications inside the parent application doesn't matter. The only thing that matters is the performance of the communication between child and parent when calling functions of each other.

Answer 1

You will have to write your own compiler.

Consider: No normal OS supports what you want. You want both executables to run inside a single process, yet that process may or may not make OS calls depending on some weirdness inside the process which the OS doesn't understand at all.

This is no longer a problem with your custom compiler, as it simply will not create the offending instructions. It's similar to Java and .Net, which also prevent such OS calls outside their control.

Answer 2

A portable solution: Google Native Client

One possible Linux solution:

1. Make AppArmor profile with "hats" (a "hat" is a sandboxing configuration to which the application can switch programmatically with libapparmor),
2. have the main application create a "pipe",
3. have the main application "fork",
4. change into a "hat" corresponding to the child application,
5. "exec" the child application,
6. the main application and the child application communicate via the "pipe" created earlier.