Subject: Re: chroot & null mount?
To: None <netbsd-users@netbsd.org>
From: James Hartley <jjhartley@gmail.com>
List: netbsd-users
Date: 08/22/2007 09:15:15
Thank you for your reply.

On 8/22/07, Peter Bex <Peter.Bex@xs4all.nl> wrote:
> The idea of a sandbox is that anything inside the sandbox can't mess up the
> rest of the system as it exists outside the sandbox.
> null mounts are mounts of the nullfs filesystem.  Have a look at the
> mount_nullfs manpage for more info.
>
> Basically the nullfs 'mounts' a directory under another directory.  This
> allows you to share, say, /usr/bin between the sandbox and the real system:
>
> mount_nullfs -o ro /usr/bin /var/chroot/chrootA/usr/bin

NetBSD's Wiki describes either hard linking or simply copying all
necessary support libraries into the chrooted directory:

http://wiki.netbsd.se/chroot

Three questions:
0.  Is null mounting preferable to these two methods?
1.  Are there any tricks/guidelines/admonitions to figuring out how to
move an application into a chrooted environment?
2.  What user should own a chrooted directory?

Thanks for any candor which can be shared.
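The copy-the-libraries method from the wiki, written up as an added example that is not code from the thread or the wiki: it pulls the absolute library paths out of ldd's output, copies the binary and those libraries under the chroot, and counts world-writable entries so the tree can be checked before the confined service is started. It assumes ldd prints one absolute path per dependency line (true of both NetBSD's "-lc.12 => /usr/lib/libc.so.12" and Linux's "libc.so.6 => /lib/libc.so.6 (0x...)" formats) and follows the usual guideline that the chroot tree is owned by root and not writable by the confined user.

```shell
#!/bin/sh
# Added example: populate a chroot by copying a binary and its shared libraries.
# Usage: sh populate_chroot.sh /var/chroot/chrootA /usr/bin/program
# Assumption: paths are hypothetical; run as root so ownership stays with root.

# Read ldd output on stdin and print each absolute path it mentions, once.
# LC_ALL=C keeps the sort order byte-wise and predictable.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }' | LC_ALL=C sort -u
}

# Copy one file into the chroot, keeping its absolute path relative to the jail
# and creating any missing directories.
install_into_chroot() {
    chroot_dir=$1
    src=$2
    dest="$chroot_dir$src"
    mkdir -p "$(dirname "$dest")"
    cp -p "$src" "$dest"
}

# Copy the program plus every library ldd reports for it.
populate_chroot() {
    chroot_dir=$1
    prog=$2
    install_into_chroot "$chroot_dir" "$prog"
    ldd "$prog" | ldd_paths | while read -r lib; do
        install_into_chroot "$chroot_dir" "$lib"
    done
}

# Count entries under the chroot that are writable by "other"; a sandboxed
# user should not be able to alter the jail's binaries or libraries.
count_world_writable() {
    find "$1" -perm -002 | wc -l | tr -d ' '
}

if [ $# -eq 2 ]; then
    populate_chroot "$1" "$2"
    echo "world-writable entries in $1: $(count_world_writable "$1")"
fi
```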