In Minix if I invoke a server (e.g. file server) to cause a server bug and you use the server too, I may be able to read or write your data. This is the same for Keykos kernel but not user mode servers and little of the file logic is in the Keykos kernel.
They may have a good compiler gimmick for update ‘preserving’ running program state.
Fault injection is a good technique, Keykos did a little but not as much as Minix.
Where is swapping logic? in Keykos swapping, orthogonal persistence, RAM-as-disk-cache is in kernel.
For better and for worse, you end up with Unix security semantics with Minix.
Current Hot Button:
In Mac OS, as a BSD like system, I am advised to run an installer, such as OPAM giving it super-user authority to rummage about my sensitive files, fixing up things so that OCaml programs run well, but with the additional authority to mess up the entire machine.
Even if I trusted it, “too many cooks in the kitchen”.
There is a better way.