This is an idea proposed in 2021 as a Cambrige Computer Science Part III or MPhil project, and has been completed by Jake Hillion. It was supervised by Anil Madhavapeddy as part of my Information Flow for Trusted Execution project.
The Part III project has two primary goals:
Building void processes involves first reliably removing all privilege from a process then systematically adding back in what is required, and no more. This project utilises Linux namespaces to revoke privilege from an application, showing how this can be done and why its easier in some domains than others. It then shows how to inject sufficient privilege for applications to perform useful work, developing new APIs that are friendly for privilege separation. These elements compose a shim called the "void orchestrator", a framework for restricting Linux processes.