Answer any 3:
What the purpose of the inner sandbox? What guarantees does it provide and how does NaCl implement it?
What the purpose of the outer sandbox? What guarantees does it provide and how does NaCl implement it?
Why did NaCl take the approach of statically verifying that a piece of x86 is safe instead of providing a trusted compiler approach?
Why is it not possible to dynamically load a library with NaCl? What makes this hard to do?
Why does NaCl not support JITed language runtimes?