The present invention is for aggregate resource management of active computing environments. According to one or more embodiments of the present invention a compute capsule is provided. A capsule encapsulates an active computing environment. An active computing environment comprises one or more processes and the complete state necessary for the execution of those processes. Within the operating system, compute capsules are promoted to first class objects. Once promoted to first class object status, the compute capsule can be assigned resources, subjected to auditing constraints, and subjected to security policies. In one embodiment, resource management algorithms are applied to the promoted compute capsules. In another embodiment, a compute capsule that encapsulates a user's computing session can be assigned a guaranteed share of computing resources. In another embodiment, compute capsules are restricted from accessing the network or certain portions of the file system.