For some context, I believe many/most people doing PAAS (e.g. Heroku, DotCloud, Cloudbees, Node*) are using LXC to create slices/dynos/shards/whatever.
Correct. DotCloud started using LXC in May 2010. Before that it used OpenVZ in 2009 (http://openvz.org), and even before that it used VServer (http://linux-vserver.org) in 2008. Back then the notion of stacking 2 types of virtualization was incredibly weird and remote.
In the 2nd half of 2011 other PaaS players caught on to the wonders of container virtualization - Heroku for example started using it with their Cedar stack in April of last year.
Do you know how LXC is compared vs OpenVZ and vs VServer?
I am considering to use one of those for securing / hardening a set of VPSs I am using. Since I do not have debt with any of these tools, I would like to start with just one. The question is which one?
I would go with LXC simply because it's part of the upstream kernel so you can expect it to evolve faster - not to mention you won't have to deal with patch management, and your setup will be more portable.
I would only use OpenVZ if there is a particular feature that it does better, and you can't afford to wait for LXC to catch up.
Can't vouch for LXC or VServer, but OpenVZ is well documented and I was up and running with it within days. I still have a dev server that's been happily running for about 5 years. Users get root access to a 'container' which has some limits imposed upon it. They can do as they please. I don't have to worry about them messing up the host (, they are trusted users though.) The file system is easy to back up, as it's reachable from the host. The server itself doesn't support hardware Virtualisation so it's a nice fit.
