This probably has been disabled due to problems with initrd, am I right? Current implementation of initrd in kernel has been changed so it is safe to enable CHROOT features again. I would advice to enable all of them because you always can disable them (using sysctl) on case by case basis.
This is safe to enable in 2.4.20 and above. It is NOT safe to enable in 2.4.19 and before. In case somebody does not remember it - linuxrc from initrd is (and has been) run as chrooted process. It means, grsecurity denied mknod, mount and pivot_root. Implementation of linuxrc in current kernel has been changed in such way that does not interfere with grsecurity (I do not know if this was intentional, is not, it is a pleasant side effect :)) cheers -andrey P.S. I am not on list so I appreciate Cc on replies if any.
