The only thing I saw in the BSD jail() was locking all communications to a
specific IP address; currently the default BIND in VSD is the
hosting server's IP address, and secondly, there's no checking against
binding against 0.0.0.0 (i.e., everyone else's IP too).

This will be addressed in OpenVDS-2. You'll only be able to bind the virtual
address even if you bind 0.0.0.0; in fact this is a major feature that will
allow us to safely install servers with a general-purpose configuration file,
exactly by binding 0.0.0.0 ;-)

Again the BSD jail() is actually relying on *capabilities* offered within
the BSD process system (and the extra entry in the PS struct that ensures
pass-down of the restrictions from father to child). This would be a useful
thing to have; however...

This is the same way Linux works. There's a way of dropping capabilities to
child processes that prevents even root from getting them back. Like I said,
root is just another user. Once a capability is dropped, there's no turning
back.
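As an added illustration of the "no turning back" point above (this is example code written for this page, not code from the thread or from VSD/OpenVDS), the following C program drops one capability from the Linux per-process bounding set and shows that neither the process nor a forked child can see it again. The specific prctl() calls are an assumption about the modern interface; the thread only names the mechanism in general.

```c
/* Added example (not from the original thread): drop a capability from the
 * per-process bounding set on Linux and show that neither this process nor a
 * forked child can get it back. The prctl() interface used here is assumed;
 * the thread only describes the mechanism in general terms. */
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/capability.h>

/* 1 if the capability is still in the calling process's bounding set,
 * 0 if not, -1 on error (e.g. the kernel does not know that number). */
int cap_in_bounding_set(int cap) {
    int r = prctl(PR_CAPBSET_READ, (unsigned long)cap, 0, 0, 0);
    return r < 0 ? -1 : r;
}

/* Remove a capability from the bounding set. Needs CAP_SETPCAP, so an
 * unprivileged process gets -1 with errno == EPERM. Once it succeeds there
 * is no prctl to undo it: the drop is permanent for this process and is
 * inherited by everything it forks or execs, root or not. */
int drop_from_bounding_set(int cap) {
    return prctl(PR_CAPBSET_DROP, (unsigned long)cap, 0, 0, 0);
}

/* Fork and report the child's view of one capability: 1 if the child still
 * has it in its bounding set, 0 if not, -1 on fork/wait error. */
int child_sees_cap(int cap) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(cap_in_bounding_set(cap) == 1 ? 1 : 0);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    int cap = CAP_NET_BIND_SERVICE; /* needed to bind ports below 1024 */
    printf("before drop: in bounding set = %d\n", cap_in_bounding_set(cap));
    if (drop_from_bounding_set(cap) != 0) {
        perror("PR_CAPBSET_DROP (needs root or CAP_SETPCAP)");
        return 1;
    }
    printf("after drop:  in bounding set = %d, child sees it = %d\n",
           cap_in_bounding_set(cap), child_sees_cap(cap));
    return 0;
}
```

Run it as root to see the drop take effect; as an unprivileged user the drop itself is refused, which is the other half of the same rule.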