User-Mode Linux as security layer and for server consolidation? Due to lack of sufficient machines to provide all services i have to offer to my network participants i wonder wether it is a good idea to encapsulate each service (as e.g. kerberos,ldap,bind,mail,dhcp,samba) in several UMLl environments with own filesystem for each and to duplicate this box with heartbeat and drbd (or something like that) for high(er) availability. (sorry for that long sentence) What do you think? Are these services strongly separated doing that way or can an attacker control whole system by compromising only one uml-provided service to easy (when I follow all security rules while setting up each subsystem and isolating UML instances using iptables on base system)? Thx in advance Michael