As I want to use my GuruPlug as router and server I tried to partition the OS into several vservers (http://linux-vserver.org/
) and much to my surprise it worked fine.
So it's possible to have a secure setup with the root server being the router/firewall and seperating off all internet-accessible services into seperate vservers. Overhead is minimal.
The kernel patch for vs18.104.22.168.30.4 applied without errors even with the guruplug patches on kernel 2.6.34.
Unfortunately the userspace utils (util-vserver) are not in the Debian repository for arm as there is a porting problem with dietlibc which is used by the Debian package. But as dietlibc is optional (though strongly recommended) it is possible to compile the utils without it. The latest stable version did not compile, but version util-vserver-0.30.216-pre2883 did.
Everything works fine so far with two vservers (one with an Asterisk VoIP-PBX and the other one as a test machine) except vserver-stat does not return any data, which is not nice but acceptable.