The major problem was that one could use firmlinks to escape a chroot.
The solution to that is to simply not use chroot, and use what was
specifically designed for the task, namley sub-hurds. Can you find, and show me, messages or text where this approach was written up in more detail? I don't think this was ever written up, since sub-hurds have been part of the Hurd since almost the beginning.
