Apr 16, 2011 18:01
I've recently been playing around with lxc, and it seems like there have been some really great improvements to lightweight virtualization since I was last using it. I just set up NTP and Squid in their own separate containers that are taking less than 3MB of disk space each (not counting the actual cache storage for Squid, just the container). It took me a while to figure out all the things that need to go into the base image to get things working (and I'm doing ro,bind mounts to pull most of the libs/bins from the host OS), but I could definitely see using these more. The extra security seems pretty impressive. I haven't thought of any way to break out, even as root, since I don't have any way to create devices, mount anything, chroot, or read any devices other than the limited set I created initially... but I suppose that's only true until there is some exploit found that lets you run something in kernel space... Still, I'm pretty pleased with it so far.
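A minimal lxc config in the spirit of the setup described in the post (read-only bind mounts pulling libs/bins from the host, a device whitelist, dropped capabilities), plus a small audit of such a file, as an added example that is not code from the post. The container name, rootfs path and device list are assumptions.

```shell
#!/bin/sh
# Added example, not from the post. write_example_conf writes an lxc config
# in the style described above; audit_lxc_conf flags the two changes that
# would weaken it: bind mounts without "ro" and a device cgroup that allows
# everything. Container name, rootfs path and device list are assumptions.

write_example_conf() {
    cat > "$1" <<'EOF'
lxc.utsname = ntp
lxc.rootfs = /var/lib/lxc/ntp/rootfs
# pull libraries and binaries from the host, read-only
lxc.mount.entry = /lib lib none ro,bind 0 0
lxc.mount.entry = /usr/lib usr/lib none ro,bind 0 0
lxc.mount.entry = /usr/bin usr/bin none ro,bind 0 0
# deny every device, then allow only the handful the daemon needs:
# /dev/null (1:3), /dev/zero (1:5), /dev/urandom (1:9)
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
# no module loading, device creation, raw I/O or chroot inside the container
lxc.cap.drop = sys_module mknod sys_rawio sys_chroot
EOF
}

# audit_lxc_conf FILE: prints one finding per line; the exit status is the
# number of findings, so 0 means the config keeps the properties above.
audit_lxc_conf() {
    awk '
        BEGIN { bad = 0 }
        /^[[:space:]]*#/ { next }
        /^lxc\.mount\.entry[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, "")   # keep "src dst fstype opts dump pass"
            opts = "," $4 ","
            if (index(opts, ",bind,") && !index(opts, ",ro,")) {
                print "writable bind mount: " $1; bad++
            }
        }
        /^lxc\.cgroup\.devices\.allow[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, "")
            if ($1 == "a") { print "device cgroup allows all devices"; bad++ }
        }
        END { exit bad }
    ' "$1"
}
```

Run `audit_lxc_conf /var/lib/lxc/<name>/config` against a real container's config; a non-zero exit means at least one finding was printed.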