It clearly can be done; there are a finite number of system calls, and while they aren't very well documented in some cases, the code is there for a reference.
But I think Linux is more than the kernel. If you break userland assumptions about filesystem layout, shared libraries, permissions, etc., are you in a better place as a 95% Linux with better security? From experience, people aren't very happy with partial measures to make things Linux-like.
If you use the MS model (I really wish they had taken POSIX more seriously 20 years ago), you inherit all of Linux as a model, with a different implementation.
If you leave the user/kernel boundary intact, have you improved the state of the world? To what extent are the security issues a result of the model, and to what extent of the implementation?