There areas.I hope you understand, that such things do not make anything secure. Administrator of the node will always have access to /proc/kcore, devices, KERNEL CODE(!) etc. No security from this point of view.
1) Checkpointing.
2) Isolation for security purposes.
There may be secrets that the sysadmin should not have access to.
3) Nesting of containers, (so they are general purpose and not special hacks).Why are you interested in nesting? Any applications for this?
The vserver way of solving some of these problems is to provide a wayHuh, it sounds too easy. Just imagine that VPS owner has deleted ps, top, kill, bash and other tools. You won't be able to enter. Another example when VPS owner is near its resource limits - you won't be able to do anything after VPS entering.
to enter the guest. I would rather have some explicit operation that puts
you into the guest context so there is a single point where we can tackle
the nested security issues, than to have hundreds of places we have to
look at individually.