if there is one thing I've learned from being in the OpenBSD community for the past 10+ years it's that current hype is of little to no interest to the folks writing code.
I think (please correct if I am wrong), systrace has some race conditions and is not considered completely secure.
"Applications that use clone()-like system calls to share the complete address space between processes may be able to replace system call arguments after they have been evaluated by systrace and escape policy enforcement."
OpenBSD apps leverage traditional approaches heavily like chroot and privilege separation through different users - even within applications but there is no network separation or similar as in jails or Linux namespaces.
That deals a lot with theory, I am in need of some implementations that work. I've found things that don't work, but I need something I can start and play with.
UVM, the virtual memory subsystem in BSDs, is actually very nicely explained in Charles Cranor's disertation. An abridged version was presented at USENIX: https://www.usenix.org/legacy/event/usenix99/full_papers/cra... , and if you google around, you can find the full thesis.
http://bhyvecon.org/bhyvecon2016-Reyk.pdf
OpenBSD's vmm(4) isn't related to FreeBSD bhyve, but Mike and Reyk were invited to talk about it in Tokyo. :-)