Isolation
- Filesystem
- chroot() barrier
- Filesystem Namespaces - private mount tables!
- Immutable enhancement - Immulink for secure, mutable hardlinks between vservers
- Networking
- ip4root - restrict network to list of IPv4s
- ngnet - private network stack for fully custom interfaces