>> > Well.. eh. as you might know that virtuozzo/openvz does not provide >> > kernel isolation. Mainly this means than one kernel exploit can provide >> > full access to all openvz/virtuozzo containers. >> > > > The same is true for solutions like vmware. Just google for all the "blue > pill" talks. It's a theoretical risk that is small enough to be irrelevant. WebServers running buggy php software provides (easy) way to execute local kernel exploits. -- Eero