Notes:
Overall, this is a resource control and jailing mechanism. It has the advantage that there is nearly no new code that needs to be written. There need to be interfaces to loading guest subsystems and jailing processes within them, but the actual jails are already implemented. They were implemented in the course of writing UML. The subsystems need to be split apart, which possibly requires some code rearrangement, and ported into the kernel, which is in the works.
These steps will simply expose the functionality which is already latent.