@lispi314 Clearly I was referring to off site VM's, not VMs that are running on your server.

When it comes to privilege separation & isolation, I am doubtful if VM's are actually that good considering how complicated hypervisors are and how many escapes have been found. Things like SELinux seem to be less complicated and tends to spam hard to syslog if someone is trying to bypass it.