Hi Olivier,
Sorry about the months-long delay.
Sandstorm does something like this -- the way we do it is that Sandstorm apps are totally self-contained. App packages weight in at 5-25 MB, which is not so bad. Each app package made with our packaging tools is a tiny Debian derivative. We haven't started needing file-level dedup, but we might; this can be accomplished post-install.
When you run a Sandstorm app, the package contents are available read-only, and the app can write to /var and /tmp. Sandstorm guarantees that /var is persisted between runs of the same app instance. A new instance gets a new /var. (/tmp is cleared periodically as you would expect.)
Let me know what you think. I'm happy to keep talking about our approach in detail on this list, or if people think it's off-topic, discuss with you off-list.
Cheers,
Asheesh.