> I like the idea, a lot. Make the Freedombox a router in front of all
> services, manage the network connections for all services to Internet and
> the local network.
> As Freedombox are targeted at low powered devices, virtual machines might
> be to heavy though. You might look into containers instead. LCX might be a
> better solution for this. Faster and lighter to set up, run and tear down.
> And I know it works on more targets, like in ARM machines.
> https://www.berrange.com/posts/2012/01/17/building-application-sandboxes-with-libvirt-lxc-kvm/

Thanks for the link. So I see his approach lets you choose. The sandbox can run
with either LXC or KVM. I like that. I'm going to come back to this and dig deeper.
His approach seems like it probably has some of the scripting I'm looking for too, or
something like it.

At a very high level it seems the tradeoff between KVM and LXC is KVM gives better 
isolation/protection because it's full virtualization, while LXC performs better.

LXC is probably a better approach for hardware such as the DreamPlug, while KVM 
seems better for more powerful platforms.

More powerful platforms should become more common over time, given Moore's Law.

Also, KVM runs on some ARM CPUs today. There was this earlier thread with some links:

Debian Wheezy, and LXC

