Thanks for the tips and for the pointers.+Michael Snoyman
I was indeed wondering what trick you guys at fpco were using for SoH. But yeah, I will have to setup some kind of application sandboxing anyway. +David Terei
libvirt-sandbox looks very interesting! I'll read more about it and see how that goes.
Thank you Lukasz for that code -- to be honest I will investigate David's suggestion first I think, it seems to offer a decently simple solution to this problem whereas the isolation code you linked will most likely eat much more of my time and keep me from working on other things for this web app.
Alright, I think I have everything I need, thanks again guys.