According to matthew green:
> 
> 
> personally, i've hacked chroot(8) to take -u, -g and -G arguments to
> set the user, group and group list of the process run in the chroot.

Seems like a sound approach.  Adding complexities to the kernel when 
there is a possible solution at application level would seem an 
approach to be avoided.

My USD 0.02

++L