> - separation of code and data using read-only and read/write file systems
I'll bite. How do you install code in a read-only file system? And
where does a.out go?
The best way I have seen this done is with overlay and union file system support. The 'writeable' versions are the file in /bin are overlayed as needed. To do this properly you need the stackable file system stuff we worked on at LCC and Sun. If you can interpose at the inode level it's very cool and flexible (Sun played with - but makes the Sun symlink nightmare seem like an easy night at the movies), at the filesystem switch layer (Locus and UCLA - scheme that was in BSD at one point - easier to manage/admin).